Security Advisory

CVE-2023-41879

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2023-09-11 21:14:28

Last updated 2024-09-26 16:55:58

Assigner GitHub_M

State PUBLISHED

Description

Magento LTS is the official OpenMage LTS codebase. Guest orders may be viewed without authentication using a "guest-view" cookie which contains the orders "protect_code". This code is 6 hexadecimal characters which is arguably not enough to prevent a brute-force attack. Exposing each order would require a separate brute force attack. This issue has been patched in versions 19.5.1 and 20.1.1.

← Browse all CVEs View on cve.org ↗