High severityNVD Advisory· Published Jun 13, 2024· Updated Sep 17, 2024
Adobe Commerce | Improper Authorization (CWE-285)
CVE-2024-34104
Description
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access, leading to both confidentiality and integrity impact. Exploitation of this issue does not require user interaction.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
magento/community-editionPackagist | >= 2.4.6-p1, < 2.4.6-p6 | 2.4.6-p6 |
magento/community-editionPackagist | >= 2.4.5-p1, < 2.4.5-p8 | 2.4.5-p8 |
magento/community-editionPackagist | < 2.4.4-p9 | 2.4.4-p9 |
Affected products
3- osv-coords2 versions
>= 2.4.7-alpha0, < 2.4.7-p1+ 1 more
- (no CPE)range: >= 2.4.7-alpha0, < 2.4.7-p1
- (no CPE)
- Range: 0
Patches
Vulnerability mechanics
References
7- github.com/advisories/GHSA-wwj3-573j-rvvmghsaADVISORY
- helpx.adobe.com/security/products/magento/apsb24-40.htmlghsavendor-advisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2024-34104ghsaADVISORY
- github.com/magento/magento2/commit/30877fce83b793f71421c47347885cf076e81799ghsaWEB
- github.com/magento/magento2/commit/a3c6d6e5e95e63031e4df26cfcf76feace7549c2ghsaWEB
- github.com/magento/magento2/commit/c5c538810b87449886f4669cb8abbe8e5593c83cghsaWEB
- github.com/magento/magento2/commit/d10435b11ada4e502dca7539f8fd31d059d3c482ghsaWEB
News mentions
0No linked articles in our index yet.