VYPR
Get started
← All advisories
Moderate severityNVD Advisory· Published Nov 5, 2019· Updated Aug 4, 2024

CVE-2019-8123

CVE-2019-8123

Description

An insufficient logging and monitoring vulnerability exists in Magento 1 prior to 1.9.4.3 and 1.14.4.3, Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. The logging feature required for effective monitoring did not contain sufficent data to effectively track configuration changes.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
magento/community-editionPackagist
>= 2.1.0, < 2.1.192.1.19
magento/community-editionPackagist
>= 2.2.0, < 2.2.102.2.10
magento/community-editionPackagist
>= 2.3.0, < 2.3.32.3.3

Affected products

1
  • Adobe Systems Incorporated/Magento 1& 2v5
    Range: Magento Open Source prior to 1.9.4.3, and Magento Commerce prior to 1.14.4.3, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p2

Patches

1
fe462f46d5ef

Update BICs for 2.3.3

https://github.com/magento/devdocsDima ShevtsovOct 14, 2019via osv
commit
5 files changed · +66 205
  • guides/v2.3/release-notes/backward-incompatible-changes/reference.md+7 1 modified
    @@ -9,7 +9,13 @@ redirect_from:
 The changes are aggregated into two tables:
 
 1. **Changes in classes** that contains backward incompatible changes made to the PHP classes
-2. **Changes in interfaces** that contains backward incompatible changes made to the PHP interfaces
+1. **Changes in interfaces** that contains backward incompatible changes made to the PHP interfaces
+
+## 2.3.2 - 2.3.3
+
+{% include backward-incompatible-changes/open-source/2.3.2-2.3.3.md %}
+
+{% include backward-incompatible-changes/commerce/2.3.2-2.3.3.md %}
 
 ## 2.3.1 - 2.3.2
  • _includes/backward-incompatible-changes/commerce/2.3.2-2.3.3.html+0 16 removed
    @@ -1,16 +0,0 @@
-
-<h3 id="2.3.2-2.3.3-class">Class changes</h3>
-<table><tbody>
-    <tr>
-        <th>What changed</th>
-        <th>How it changed</th>
-    </tr>
-    <tr>
-        <td>Magento\SalesArchive\Block\Adminhtml\Sales\Order\View\Buttons::__construct</td>
-        <td>[public] Method parameter typing changed.</td>
-    </tr>
-    <tr>
-        <td>Magento\Rma\Block\Adminhtml\Order\View\Buttons::__construct</td>
-        <td>[public] Method parameter typing changed.</td>
-    </tr>
-</tbody></table>
  • _includes/backward-incompatible-changes/commerce/2.3.2-2.3.3.md+6 0 added
    @@ -0,0 +1,6 @@
+### {{ site.data.var.ee }} only changes in classes {#ee-class-232-233}
+
+| What changed | How it changed |
+| --- | --- |
+| Magento\SalesArchive\Block\Adminhtml\Sales\Order\View\Buttons::\_\_construct | [public] Method parameter typing changed. |
+| Magento\Rma\Block\Adminhtml\Order\View\Buttons::\_\_construct | [public] Method parameter typing changed. |
  • _includes/backward-incompatible-changes/open-source/2.3.2-2.3.3.html+0 188 removed
    @@ -1,188 +0,0 @@
-
-<h3 id="2.3.2-2.3.3-class">Class changes</h3>
-<table><tbody>
-    <tr>
-        <th>What changed</th>
-        <th>How it changed</th>
-    </tr>
-    <tr>
-        <td>Magento\Framework\Mail\Template\TransportBuilder::getTransport</td>
-        <td>[public] Method return typing changed.</td>
-    </tr>
-    <tr>
-        <td>Magento\Framework\Mail\Template\TransportBuilder::getTemplate</td>
-        <td>[protected] Method return typing changed.</td>
-    </tr>
-    <tr>
-        <td>Magento\Framework\DataObject\Copy::copyFieldsetToTarget</td>
-        <td>[public] Method return typing changed.</td>
-    </tr>
-    <tr>
-        <td>Magento\Framework\Data\Collection\AbstractDb::_renderFiltersBefore</td>
-        <td>[protected] Method return typing changed.</td>
-    </tr>
-    <tr>
-        <td>Magento\Tax\Block\Adminhtml\Rate\Form::_construct</td>
-        <td>[protected] Method return typing changed.</td>
-    </tr>
-    <tr>
-        <td>Magento\Swatches\Block\Product\Renderer\Configurable::getHtmlOutput</td>
-        <td>[protected] Method return typing changed.</td>
-    </tr>
-    <tr>
-        <td>Magento\Sales\Model\Order\Config::getStateDefaultStatus</td>
-        <td>[public] Method return typing changed.</td>
-    </tr>
-    <tr>
-        <td>Magento\Sales\Model\Order\Config::getStatusFrontendLabel</td>
-        <td>[public] Method return typing changed.</td>
-    </tr>
-    <tr>
-        <td>Magento\Sales\Block\Order\History::_construct</td>
-        <td>[protected] Method return typing changed.</td>
-    </tr>
-    <tr>
-        <td>Magento\Sales\Block\Order\History::_prepareLayout</td>
-        <td>[protected] Method return typing changed.</td>
-    </tr>
-    <tr>
-        <td>Magento\Sales\Block\Order\Recent::_construct</td>
-        <td>[protected] Method return typing changed.</td>
-    </tr>
-    <tr>
-        <td>Magento\Sales\Block\Order\Recent::_toHtml</td>
-        <td>[protected] Method return typing changed.</td>
-    </tr>
-    <tr>
-        <td>Magento\Sales\Block\Adminhtml\Order\View::__construct</td>
-        <td>[public] Method parameter typing changed.</td>
-    </tr>
-    <tr>
-        <td>Magento\Review\Block\Customer\View::_toHtml</td>
-        <td>[protected] Method return typing changed.</td>
-    </tr>
-    <tr>
-        <td>Magento\Newsletter\Model\Subscriber::received</td>
-        <td>[public] Method return typing changed.</td>
-    </tr>
-    <tr>
-        <td>Magento\Newsletter\Block\Adminhtml\Problem::_construct</td>
-        <td>[protected] Method return typing changed.</td>
-    </tr>
-    <tr>
-        <td>Magento\Newsletter\Block\Adminhtml\Problem::getUnsubscribeButtonHtml</td>
-        <td>[public] Method return typing changed.</td>
-    </tr>
-    <tr>
-        <td>Magento\Newsletter\Block\Adminhtml\Problem::getDeleteButtonHtml</td>
-        <td>[public] Method return typing changed.</td>
-    </tr>
-    <tr>
-        <td>Magento\GraphQl\Controller\GraphQl::dispatch</td>
-        <td>[public] Method return typing changed.</td>
-    </tr>
-    <tr>
-        <td>Magento\Config\Console\Command\ConfigSetCommand::execute</td>
-        <td>[protected] Method return typing changed.</td>
-    </tr>
-    <tr>
-        <td>Magento\Checkout\Block\Cart\Totals::__construct</td>
-        <td>[public] Method parameter typing changed.</td>
-    </tr>
-    <tr>
-        <td>Magento\CatalogRule\Model\Indexer\IndexBuilder::getActiveRules</td>
-        <td>[protected] Method return typing changed.</td>
-    </tr>
-    <tr>
-        <td>Magento\CatalogRule\Model\Indexer\IndexBuilder::getAllRules</td>
-        <td>[protected] Method return typing changed.</td>
-    </tr>
-    <tr>
-        <td>Magento\Catalog\Model\ResourceModel\Product::getCategoryCollection</td>
-        <td>[public] Method return typing changed.</td>
-    </tr>
-    <tr>
-        <td>Magento\Catalog\Model\Product\Visibility::getVisibleInCatalogIds</td>
-        <td>[public] Method return typing changed.</td>
-    </tr>
-    <tr>
-        <td>Magento\Catalog\Model\Product\Visibility::getVisibleInSearchIds</td>
-        <td>[public] Method return typing changed.</td>
-    </tr>
-    <tr>
-        <td>Magento\Catalog\Model\Product\Visibility::getVisibleInSiteIds</td>
-        <td>[public] Method return typing changed.</td>
-    </tr>
-    <tr>
-        <td>Magento\Catalog\Block\Adminhtml\Product\Grid::_construct</td>
-        <td>[protected] Method return typing changed.</td>
-    </tr>
-    <tr>
-        <td>Magento\Catalog\Block\Adminhtml\Product\Grid::_prepareCollection</td>
-        <td>[protected] Method return typing changed.</td>
-    </tr>
-    <tr>
-        <td>Magento\Catalog\Block\Adminhtml\Product\Grid::_addColumnFilterToCollection</td>
-        <td>[protected] Method return typing changed.</td>
-    </tr>
-    <tr>
-        <td>Magento\Catalog\Block\Adminhtml\Product\Grid::_prepareColumns</td>
-        <td>[protected] Method return typing changed.</td>
-    </tr>
-    <tr>
-        <td>Magento\Catalog\Block\Adminhtml\Product\Grid::_prepareMassaction</td>
-        <td>[protected] Method return typing changed.</td>
-    </tr>
-    <tr>
-        <td>Magento\Catalog\Block\Adminhtml\Product\Grid::getGridUrl</td>
-        <td>[public] Method return typing changed.</td>
-    </tr>
-    <tr>
-        <td>Magento\Catalog\Block\Adminhtml\Product\Grid::getRowUrl</td>
-        <td>[public] Method return typing changed.</td>
-    </tr>
-    <tr>
-        <td>Magento\Backend\Block\Store\Switcher::_construct</td>
-        <td>[protected] Method return typing changed.</td>
-    </tr>
-    <tr>
-        <td>Magento\Wishlist\Model\ResourceModel\Item\Collection::_renderFiltersBefore</td>
-        <td>[protected] Method has been added.</td>
-    </tr>
-    <tr>
-        <td>Magento\Sales\Model\Order\Address::beforeSave</td>
-        <td>[public] Method has been added.</td>
-    </tr>
-    <tr>
-        <td>Magento\Reports\Block\Adminhtml\Grid::__construct</td>
-        <td>[public] Method has been added.</td>
-    </tr>
-    <tr>
-        <td>Magento\PageCache\Model\Config::VARNISH_6_CONFIGURATION_PATH</td>
-        <td>Constant has been added.</td>
-    </tr>
-    <tr>
-        <td>Magento\Eav\Model\ResourceModel\Entity\Attribute::_beforeDelete</td>
-        <td>[protected] Method has been added.</td>
-    </tr>
-    <tr>
-        <td>Magento\Directory\Model\ResourceModel\Country::__construct</td>
-        <td>[public] Method has been added.</td>
-    </tr>
-    <tr>
-        <td>Magento\Backend\Model\Url::setScope</td>
-        <td>[public] Method has been added.</td>
-    </tr>
-</tbody></table>
-
-<h3 id="2.3.2-2.3.3-interface">Interface changes</h3>
-<table><tbody>
-    <tr>
-        <th>What changed</th>
-        <th>How it changed</th>
-    </tr>
-    <tr>
-        <td>Magento\Vault\Api\PaymentTokenManagementInterface::getListByCustomerId</td>
-        <td>[public] Method return typing changed.</td>
-    </tr>
-</tbody></table>
  • _includes/backward-incompatible-changes/open-source/2.3.2-2.3.3.md+53 0 added
    @@ -0,0 +1,53 @@
+### Class changes {#class-232-233}
+
+| What changed | How it changed |
+| --- | --- |
+| Magento\Framework\Mail\Template\TransportBuilder::getTransport | [public] Method return typing changed. |
+| Magento\Framework\Mail\Template\TransportBuilder::getTemplate | [protected] Method return typing changed. |
+| Magento\Framework\DataObject\Copy::copyFieldsetToTarget | [public] Method return typing changed. |
+| Magento\Framework\Data\Collection\AbstractDb::\_renderFiltersBefore | [protected] Method return typing changed. |
+| Magento\Tax\Block\Adminhtml\Rate\Form::\_construct | [protected] Method return typing changed. |
+| Magento\Swatches\Block\Product\Renderer\Configurable::getHtmlOutput | [protected] Method return typing changed. |
+| Magento\Sales\Model\Order\Config::getStateDefaultStatus | [public] Method return typing changed. |
+| Magento\Sales\Model\Order\Config::getStatusFrontendLabel | [public] Method return typing changed. |
+| Magento\Sales\Block\Order\History::\_construct | [protected] Method return typing changed. |
+| Magento\Sales\Block\Order\History::\_prepareLayout | [protected] Method return typing changed. |
+| Magento\Sales\Block\Order\Recent::\_construct | [protected] Method return typing changed. |
+| Magento\Sales\Block\Order\Recent::\_toHtml | [protected] Method return typing changed. |
+| Magento\Sales\Block\Adminhtml\Order\View::\_\_construct | [public] Method parameter typing changed. |
+| Magento\Review\Block\Customer\View::\_toHtml | [protected] Method return typing changed. |
+| Magento\Newsletter\Model\Subscriber::received | [public] Method return typing changed. |
+| Magento\Newsletter\Block\Adminhtml\Problem::\_construct | [protected] Method return typing changed. |
+| Magento\Newsletter\Block\Adminhtml\Problem::getUnsubscribeButtonHtml | [public] Method return typing changed. |
+| Magento\Newsletter\Block\Adminhtml\Problem::getDeleteButtonHtml | [public] Method return typing changed. |
+| Magento\GraphQl\Controller\GraphQl::dispatch | [public] Method return typing changed. |
+| Magento\Config\Console\Command\ConfigSetCommand::execute | [protected] Method return typing changed. |
+| Magento\Checkout\Block\Cart\Totals::\_\_construct | [public] Method parameter typing changed. |
+| Magento\CatalogRule\Model\Indexer\IndexBuilder::getActiveRules | [protected] Method return typing changed. |
+| Magento\CatalogRule\Model\Indexer\IndexBuilder::getAllRules | [protected] Method return typing changed. |
+| Magento\Catalog\Model\ResourceModel\Product::getCategoryCollection | [public] Method return typing changed. |
+| Magento\Catalog\Model\Product\Visibility::getVisibleInCatalogIds | [public] Method return typing changed. |
+| Magento\Catalog\Model\Product\Visibility::getVisibleInSearchIds | [public] Method return typing changed. |
+| Magento\Catalog\Model\Product\Visibility::getVisibleInSiteIds | [public] Method return typing changed. |
+| Magento\Catalog\Block\Adminhtml\Product\Grid::\_construct | [protected] Method return typing changed. |
+| Magento\Catalog\Block\Adminhtml\Product\Grid::\_prepareCollection | [protected] Method return typing changed. |
+| Magento\Catalog\Block\Adminhtml\Product\Grid::\_addColumnFilterToCollection | [protected] Method return typing changed. |
+| Magento\Catalog\Block\Adminhtml\Product\Grid::\_prepareColumns | [protected] Method return typing changed. |
+| Magento\Catalog\Block\Adminhtml\Product\Grid::\_prepareMassaction | [protected] Method return typing changed. |
+| Magento\Catalog\Block\Adminhtml\Product\Grid::getGridUrl | [public] Method return typing changed. |
+| Magento\Catalog\Block\Adminhtml\Product\Grid::getRowUrl | [public] Method return typing changed. |
+| Magento\Backend\Block\Store\Switcher::\_construct | [protected] Method return typing changed. |
+| Magento\Wishlist\Model\ResourceModel\Item\Collection::\_renderFiltersBefore | [protected] Method has been added. |
+| Magento\Sales\Model\Order\Address::beforeSave | [public] Method has been added. |
+| Magento\Reports\Block\Adminhtml\Grid::\_\_construct | [public] Method has been added. |
+| Magento\PageCache\Model\Config::VARNISH\_6\_CONFIGURATION\_PATH | Constant has been added. |
+| Magento\Eav\Model\ResourceModel\Entity\Attribute::\_beforeDelete | [protected] Method has been added. |
+| Magento\Directory\Model\ResourceModel\Country::\_\_construct | [public] Method has been added. |
+| Magento\Backend\Model\Url::setScope | [public] Method has been added. |
+
+### Interface changes {#interface-232-233}
+
+| What changed | How it changed |
+| --- | --- |
+| Magento\Vault\Api\PaymentTokenManagementInterface::getListByCustomerId | [public] Method return typing changed. |
+

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

8

News mentions

0

No linked articles in our index yet.