CVE-2019-8235
published 2019-10-30CVE-2019-8235: An insecure direct object reference (IDOR) vulnerability exists in Magento 2.3 prior to 2.3.1, 2.2 prior to 2.2.8, and 2.1 prior to 2.1.17 versions. An…
medium6.5CVSS 3.1
AVNACLPRLUINSUCHINAN
An insecure direct object reference (IDOR) vulnerability exists in Magento 2.3 prior to 2.3.1, 2.2 prior to 2.2.8, and 2.1 prior to 2.1.17 versions. An authenticated user may be able to view personally identifiable shipping details of another user due to insufficient validation of user controlled input.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| adobe | magento | — | — |
| adobe | magento | — | — |
| adobe | magento | — | — |
| magento | magento | >= 2.1.0 < 2.1.17 | 2.1.17 |
| magento | magento | >= 2.2.0 < 2.2.8 | 2.2.8 |
| magento | magento | >= 2.3.0 < 2.3.1 | 2.3.1 |