CVE-2019-8124

Published at:
2019-11-05T23:15:12.633
Source: [email protected]

Global infos:

An insufficient logging and monitoring vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. Failure to track admin actions related to design configuration could lead to repudiation attacks.

CVE Status: Modified

References:

  • [email protected]
  • af854a3a-2127-422b-91ae-364da2661108
    •

    Metrics:

    AttributeValue
    Attack ComplexityLOW
    Attack VectorNETWORK
    Availability ImpactNONE
    Base Score4.9
    Base SeverityMEDIUM
    Confidentiality ImpactNONE
    Integrity ImpactHIGH
    Privileges RequiredHIGH
    ScopeUNCHANGED
    User InteractionNONE
    Vector StringCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
    Exploitability Score1.2
    Impact Score3.6
    Source[email protected]
    TypePrimary

    Links:

    Exploit-db
    Github

    Most recherched CVEs
    Popular Keywords