Description
A security bypass vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An unauthenticated user can bypass the email confirmation mechanism via GET request that captures relevant account data obtained from the POST response related to new user creation.
No analysis available yet.
Remediation
No remediation available yet.
Tracking
Sign in to view the affected projects.
Advisories
| Source | ID | Title |
|---|---|---|
EUVD |
EUVD-2022-4731 | A security bypass vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An unauthenticated user can bypass the email confirmation mechanism via GET request that captures relevant account data obtained from the POST response related to new user creation. |
Github GHSA |
GHSA-p9vf-4jx2-5hpp | Magento 2 Community Edition Security Bypass |
References
History
No history.
Status: PUBLISHED
Assigner: adobe
Published:
Updated: 2024-08-04T21:10:32.931Z
Reserved: 2019-02-12T00:00:00.000Z
Link: CVE-2019-8112
No data.
Status : Modified
Published: 2019-11-05T23:15:11.913
Modified: 2026-06-17T02:41:30.727
Link: CVE-2019-8112
No data.
OpenCVE Enrichment
No data.
Weaknesses
-
CWE-345
Insufficient Verification of Data Authenticity
EUVD
Github GHSA