GHSA-gvrg-62jp-rf7j: PrestaShop allows employee without any access rights to list all installed modules
Moderate severity GitHub Reviewed Published Sep 28, 2023 in PrestaShop/PrestaShop • Updated Sep 28, 2023
Package
prestashop/prestashop (Composer)
Affected versions
< 8.1.2
Description
Impact
In the back office (BO), an employee without any access rights can list all installed modules: the method ajaxProcessGetPossibleHookingListForModule does not check access rights.
Patches
Fixed in 8.1.2
Workarounds
References
- GHSA-gvrg-62jp-rf7j
- PrestaShop/PrestaShop@15bd281
Published to the GitHub Advisory Database: Sep 28, 2023
Last updated: Sep 28, 2023