GHSA-xc5p-773w-m3pm: Magento Open Source Improper Authorization vulnerability
Magento Open Source versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures, with a low impact on confidentiality and integrity. Exploitation of this issue does not require user interaction.
CVE-2024-45131
Moderate severity GitHub Reviewed Published Oct 10, 2024 to the GitHub Advisory Database • Updated Oct 11, 2024
Package
magento/community-edition (Composer)
Affected versions
>= 2.4.7-beta1, < 2.4.7-p3
>= 2.4.6-p1, < 2.4.6-p8
>= 2.4.5-p1, < 2.4.5-p10
< 2.4.4-p11
= 2.4.7
= 2.4.6
= 2.4.5
= 2.4.4
Patched versions
2.4.7-p3
2.4.6-p8
2.4.5-p10
2.4.4-p11
Published to the GitHub Advisory Database
Oct 10, 2024
Last updated
Oct 11, 2024