Critical severityNVD Advisory· Published Jun 13, 2024· Updated Aug 2, 2024
Customer account takeover via web API call & subsequent password reset
CVE-2024-34103
Description
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Authentication vulnerability that could result in privilege escalation. An attacker could exploit this vulnerability to gain unauthorized access or elevated privileges within the application. Exploitation of this issue does not require user interaction, but attack complexity is high.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
magento/community-editionPackagist | >= 2.4.6-p1, < 2.4.6-p6 | 2.4.6-p6 |
magento/community-editionPackagist | >= 2.4.5-p1, < 2.4.5-p8 | 2.4.5-p8 |
magento/community-editionPackagist | < 2.4.4-p9 | 2.4.4-p9 |
Affected products
3- osv-coords2 versions
>= 2.4.7-alpha0, < 2.4.7-p1+ 1 more
- (no CPE)range: >= 2.4.7-alpha0, < 2.4.7-p1
- (no CPE)
- Range: 0
Patches
Vulnerability mechanics
References
7- github.com/advisories/GHSA-f7q4-9gwv-6774ghsaADVISORY
- helpx.adobe.com/security/products/magento/apsb24-40.htmlghsavendor-advisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2024-34103ghsaADVISORY
- github.com/magento/magento2/commit/30877fce83b793f71421c47347885cf076e81799ghsaWEB
- github.com/magento/magento2/commit/a3c6d6e5e95e63031e4df26cfcf76feace7549c2ghsaWEB
- github.com/magento/magento2/commit/c5c538810b87449886f4669cb8abbe8e5593c83cghsaWEB
- github.com/magento/magento2/commit/d10435b11ada4e502dca7539f8fd31d059d3c482ghsaWEB
News mentions
0No linked articles in our index yet.