Security Advisory

CVE-2019-7950

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2019-08-02 21:35:49

Last updated 2024-08-04 21:02:19

Assigner adobe

State PUBLISHED

Description

An access control bypass vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An unauthenticated user can bypass access controls via REST API calls to assign themselves to an arbitrary company, thereby gaining read access to potentially confidental information.

← Browse all CVEs View on cve.org ↗