Описание
Magento Improper Authorization vulnerability
Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an Improper Authorization vulnerability that could result in Privilege escalation. An attacker could leverage this vulnerability to access other user's data. Exploitation of this issue does not require user interaction.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2022-34256
- https://github.com/magento/magento2/commit/246d524b7586af2245092008e0d92b8d6fdd8523
- https://github.com/magento/magento2/commit/5548bc64b5bc904346c0af9193a7fbb5274b4efa
- https://github.com/magento/magento2/commit/5f07eba878296a37bd5c3a2baecad48948547594
- https://helpx.adobe.com/security/products/magento/apsb22-38.html
Пакеты
magento/community-edition
>= 2.3.0, < 2.3.7-p4
2.3.7-p4
magento/community-edition
>= 2.4.4, < 2.4.5
2.4.5
magento/community-edition
>= 2.4.0, < 2.4.3-p3
2.4.3-p3
Связанные уязвимости
Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an Improper Authorization vulnerability that could result in Privilege escalation. An attacker could leverage this vulnerability to access other user's data. Exploitation of this issue does not require user interaction.
Уязвимость программных платформ для разработки и управления онлайн магазинами Magento Open Source и Adobe Commerce, связанная с недостатками процедуры авторизации, позволяющая нарушителю повысить свои привилегии