CVE-2019-8118 — Cleartext Storage of Sensitive Info in Magento

CWE-312 — Cleartext Storage of Sensitive Info7 documents5 sources

Severity

5.3MEDIUMNVD

EPSS

0.0%

top 85.70%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Magento Magento Community-edition Adobe Systems Incorporated Magento 2

Timeline

PublishedNov 5

Latest updateMay 24

Description

Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 uses weak cryptographic function to store the failed login attempts for customer accounts.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages3 packages

▶NVDmagento/magento2.1.0 — 2.1.19+3

▶Packagistmagento/community-edition2.1.0 — 2.1.19+2

▶CVEListV5adobe_systems_incorporated/magento_2Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p2

Patches

Patch: magento.com ↗Patch: magento.com ↗

🔴Vulnerability Details

OSV

Magento 2 Community Edition Weak Cryptography↗2022-05-24

▶

GHSA

Magento 2 Community Edition Weak Cryptography↗2022-05-24

▶

CVEList

CVE-2019-8118: Magento 2↗2019-11-05

▶

💬Community

Bugzilla

CVE-2019-15613 CVE-2019-15612 CVE-2019-15616 CVE-2019-15617 CVE-2019-15618 CVE-2019-15621 CVE-2019-15623 CVE-2019-15624 CVE-2020-8118 CVE-2020-8119 CVE-2020-8121 CVE-2020-8122 nextcloud: Several CVEs ↗2020-02-21

▶

Bugzilla

CVE-2019-15612 CVE-2019-15613 CVE-2019-15616 CVE-2019-15617 CVE-2019-15618 CVE-2019-15621 CVE-2019-15623 CVE-2019-15624 CVE-2020-8118 CVE-2020-8119 CVE-2020-8121 CVE-2020-8122 nextcloud: Several CVEs ↗2020-02-21

▶