Moderate severityNVD Advisory· Published Jun 13, 2024· Updated Aug 2, 2024
Insecure Direct Object Reference - An attacker can able to erase the victim quote details
CVE-2024-34106
Description
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. An attacker could exploit this vulnerability to gain unauthorized access or perform actions with the privileges of another user. Exploitation of this issue does not require user interaction.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
magento/community-editionPackagist | >= 2.4.6-p1, < 2.4.6-p6 | 2.4.6-p6 |
magento/community-editionPackagist | >= 2.4.5-p1, < 2.4.5-p8 | 2.4.5-p8 |
magento/community-editionPackagist | < 2.4.4-p9 | 2.4.4-p9 |
Affected products
3- osv-coords2 versions
>= 2.4.7-alpha0, < 2.4.7-p1+ 1 more
- (no CPE)range: >= 2.4.7-alpha0, < 2.4.7-p1
- (no CPE)
- Range: 0
Patches
Vulnerability mechanics
References
7- github.com/advisories/GHSA-p6h9-gx5g-wg64ghsaADVISORY
- helpx.adobe.com/security/products/magento/apsb24-40.htmlghsavendor-advisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2024-34106ghsaADVISORY
- github.com/magento/magento2/commit/30877fce83b793f71421c47347885cf076e81799ghsaWEB
- github.com/magento/magento2/commit/a3c6d6e5e95e63031e4df26cfcf76feace7549c2ghsaWEB
- github.com/magento/magento2/commit/c5c538810b87449886f4669cb8abbe8e5593c83cghsaWEB
- github.com/magento/magento2/commit/d10435b11ada4e502dca7539f8fd31d059d3c482ghsaWEB
News mentions
0No linked articles in our index yet.