Bitnami package

magento

pkg:bitnami/magento

Vulnerabilities (96)

CVE	CVSS	Affected versions	Fixed in	Published	Description
CVE-2024-45127	—	>= 2.4.7-alpha0, < 2.4.7-p3	2.4.7-p3	Oct 10, 2024	Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an admin attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in
CVE-2024-45128	—	>= 2.4.7-alpha0, < 2.4.7-p3	2.4.7-p3	Oct 10, 2024	Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a l
CVE-2024-45133	—	>= 2.4.7-alpha0, < 2.4.7-p3	2.4.7-p3	Oct 10, 2024	Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Information Exposure vulnerability that could result in a security feature bypass. An admin attacker could leverage this vulnerability to have a low impact on confidentiality which may
CVE-2024-45124	—	>= 2.4.7-alpha0, < 2.4.7-p3	2.4.7-p3	Oct 10, 2024	Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and have a low impact on
CVE-2024-45135	—	>= 2.4.7-alpha0, < 2.4.7-p3	2.4.7-p3	Oct 10, 2024	Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An admin attacker could leverage this vulnerability to bypass security measures and have a low impa
CVE-2024-45130	—	>= 2.4.7-alpha0, < 2.4.7-p3	2.4.7-p3	Oct 10, 2024	Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a
CVE-2024-45132	—	>= 2.4.7-alpha0, < 2.4.7-p3	2.4.7-p3	Oct 10, 2024	Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authorization vulnerability that could result in Privilege escalation. A low-privileged attacker could leverage this vulnerability to bypass security measures and affect confid
CVE-2024-45131	—	>= 2.4.7-alpha0, < 2.4.7-p3	2.4.7-p3	Oct 10, 2024	Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a l
CVE-2024-45148	—	>= 2.4.7-alpha0, < 2.4.7-p3	2.4.7-p3	Oct 10, 2024	Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authentication vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to gain unauthorized access without pro
CVE-2024-45134	—	>= 2.4.7-alpha0, < 2.4.7-p3	2.4.7-p3	Oct 10, 2024	Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Information Exposure vulnerability that could result in a security feature bypass. An admin attacker could leverage this vulnerability to have a low impact on confidentiality which may
CVE-2024-45129	—	>= 2.4.7-alpha0, < 2.4.7-p3	2.4.7-p3	Oct 10, 2024	Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in Privilege escalation. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low i
CVE-2024-45149	—	>= 2.4.7-alpha0, < 2.4.7-p3	2.4.7-p3	Oct 10, 2024	Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A high-privileged attacker could leverage this vulnerability to bypass security measures and have a
CVE-2024-45125	—	>= 2.4.7-alpha0, < 2.4.7-p3	2.4.7-p3	Oct 10, 2024	Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could exploit this vulnerability to have a low impact on integrity. Explo
CVE-2024-34106	—	>= 2.4.7-alpha0, < 2.4.7-p1	2.4.7-p1	Jun 13, 2024	Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. An attacker could exploit this vulnerability to gain unauthorized access or perform actions with the pr
CVE-2024-34103	—	>= 2.4.7-alpha0, < 2.4.7-p1	2.4.7-p1	Jun 13, 2024	Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Authentication vulnerability that could result in privilege escalation. An attacker could exploit this vulnerability to gain unauthorized access or elevated privileges within the a
CVE-2024-34109	—	>= 2.4.7-alpha0, < 2.4.7-p1	2.4.7-p1	Jun 13, 2024	Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction, but a
CVE-2024-34110	—	>= 2.4.7-alpha0, < 2.4.7-p1	2.4.7-p1	Jun 13, 2024	Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary code execution. A high-privilege attacker could exploit this vulnerability by uploading a malici
CVE-2024-34111	—	>= 2.4.7-alpha0, < 2.4.7-p1	2.4.7-p1	Jun 13, 2024	Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. A low-privilege authenticated attacker can force the application to make arbitrary requests vi
CVE-2024-34107	—	>= 2.4.7-alpha0, < 2.4.7-p1	2.4.7-p1	Jun 13, 2024	Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and view minor unauthorised i
CVE-2024-34105	—	>= 2.4.7-alpha0, < 2.4.7-p1	2.4.7-p1	Jun 13, 2024	Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an admin attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a v

CVE-2024-45127Oct 10, 2024
affected >= 2.4.7-alpha0, < 2.4.7-p3fixed 2.4.7-p3
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an admin attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in
CVE-2024-45128Oct 10, 2024
affected >= 2.4.7-alpha0, < 2.4.7-p3fixed 2.4.7-p3
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a l
CVE-2024-45133Oct 10, 2024
affected >= 2.4.7-alpha0, < 2.4.7-p3fixed 2.4.7-p3
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Information Exposure vulnerability that could result in a security feature bypass. An admin attacker could leverage this vulnerability to have a low impact on confidentiality which may
CVE-2024-45124Oct 10, 2024
affected >= 2.4.7-alpha0, < 2.4.7-p3fixed 2.4.7-p3
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and have a low impact on
CVE-2024-45135Oct 10, 2024
affected >= 2.4.7-alpha0, < 2.4.7-p3fixed 2.4.7-p3
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An admin attacker could leverage this vulnerability to bypass security measures and have a low impa
CVE-2024-45130Oct 10, 2024
affected >= 2.4.7-alpha0, < 2.4.7-p3fixed 2.4.7-p3
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a
CVE-2024-45132Oct 10, 2024
affected >= 2.4.7-alpha0, < 2.4.7-p3fixed 2.4.7-p3
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authorization vulnerability that could result in Privilege escalation. A low-privileged attacker could leverage this vulnerability to bypass security measures and affect confid
CVE-2024-45131Oct 10, 2024
affected >= 2.4.7-alpha0, < 2.4.7-p3fixed 2.4.7-p3
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a l
CVE-2024-45148Oct 10, 2024
affected >= 2.4.7-alpha0, < 2.4.7-p3fixed 2.4.7-p3
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authentication vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to gain unauthorized access without pro
CVE-2024-45134Oct 10, 2024
affected >= 2.4.7-alpha0, < 2.4.7-p3fixed 2.4.7-p3
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Information Exposure vulnerability that could result in a security feature bypass. An admin attacker could leverage this vulnerability to have a low impact on confidentiality which may
CVE-2024-45129Oct 10, 2024
affected >= 2.4.7-alpha0, < 2.4.7-p3fixed 2.4.7-p3
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in Privilege escalation. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low i
CVE-2024-45149Oct 10, 2024
affected >= 2.4.7-alpha0, < 2.4.7-p3fixed 2.4.7-p3
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A high-privileged attacker could leverage this vulnerability to bypass security measures and have a
CVE-2024-45125Oct 10, 2024
affected >= 2.4.7-alpha0, < 2.4.7-p3fixed 2.4.7-p3
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could exploit this vulnerability to have a low impact on integrity. Explo
CVE-2024-34106Jun 13, 2024
affected >= 2.4.7-alpha0, < 2.4.7-p1fixed 2.4.7-p1
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. An attacker could exploit this vulnerability to gain unauthorized access or perform actions with the pr
CVE-2024-34103Jun 13, 2024
affected >= 2.4.7-alpha0, < 2.4.7-p1fixed 2.4.7-p1
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Authentication vulnerability that could result in privilege escalation. An attacker could exploit this vulnerability to gain unauthorized access or elevated privileges within the a
CVE-2024-34109Jun 13, 2024
affected >= 2.4.7-alpha0, < 2.4.7-p1fixed 2.4.7-p1
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction, but a
CVE-2024-34110Jun 13, 2024
affected >= 2.4.7-alpha0, < 2.4.7-p1fixed 2.4.7-p1
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary code execution. A high-privilege attacker could exploit this vulnerability by uploading a malici
CVE-2024-34111Jun 13, 2024
affected >= 2.4.7-alpha0, < 2.4.7-p1fixed 2.4.7-p1
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. A low-privilege authenticated attacker can force the application to make arbitrary requests vi
CVE-2024-34107Jun 13, 2024
affected >= 2.4.7-alpha0, < 2.4.7-p1fixed 2.4.7-p1
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and view minor unauthorised i
CVE-2024-34105Jun 13, 2024
affected >= 2.4.7-alpha0, < 2.4.7-p1fixed 2.4.7-p1
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an admin attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a v

Page 1 of 5