ecommerce-framework-bundle is the Pimcore Ecommerce Framework Bundle. An authenticated and unauthorized user can access the back-office orders list and be able to query over the information returned. Access control and permissions are not being enforced. This vulnerability has been patched in version 1.0.10.
References
Configurations
History
17 Jan 2024, 22:18
Type | Values Removed | Values Added |
---|---|---|
First Time |
Pimcore e-commerce Framework
Pimcore |
|
CPE | cpe:2.3:a:pimcore:e-commerce_framework:*:*:*:*:*:*:*:* | |
CWE | NVD-CWE-Other | |
References | () https://github.com/pimcore/ecommerce-framework-bundle/commit/05dec000ed009828084d05cf686f468afd1f464e - Patch | |
References | () https://github.com/pimcore/ecommerce-framework-bundle/blob/ff6ff287b6eb468bb940909c56970363596e5c21/src/Controller/AdminOrderController.php#L98 - Issue Tracking | |
References | () https://github.com/pimcore/ecommerce-framework-bundle/releases/tag/v1.0.10 - Release Notes | |
References | () https://github.com/pimcore/ecommerce-framework-bundle/security/advisories/GHSA-cx99-25hr-5jxf - Exploit, Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 4.3 |
11 Jan 2024, 01:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-01-11 01:15
Updated : 2024-02-28 20:54
NVD link : CVE-2024-21665
Mitre link : CVE-2024-21665
CVE.ORG link : CVE-2024-21665
JSON object : View
Products Affected
pimcore
- e-commerce_framework
CWE