Magento prior to 1.9.4.3 and prior to 1.14.4.3 included a user's CSRF token in the URL of a GET request. This could be exploited by an attacker with access to network traffic to perform unauthorized actions.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://magento.com/security/patches/supee-11219 |
History
No history.
MITRE
Status: PUBLISHED
Assigner: adobe
Published: 2019-11-05T23:52:16
Updated: 2024-08-04T21:10:33.496Z
Reserved: 2019-02-12T00:00:00
Link: CVE-2019-8155
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2019-11-06T00:15:12.763
Modified: 2020-08-24T17:37:01.140
Link: CVE-2019-8155
Redhat
No data.