{"containers": {"cna": {"affected": [{"product": "Magento", "vendor": "Adobe", "versions": [{"status": "affected", "version": "2.3 prior to 2.3.1"}, {"status": "affected", "version": "2.2 prior to 2.2.8"}, {"status": "affected", "version": "2.1 prior to 2.1.17"}]}], "descriptions": [{"lang": "en", "value": "An insecure direct object reference (IDOR) vulnerability exists in Magento 2.3 prior to 2.3.1, 2.2 prior to 2.2.8, and 2.1 prior to 2.1.17 versions. An authenticated user may be able to view personally identifiable shipping details of another user due to insufficient validation of user controlled input."}], "problemTypes": [{"descriptions": [{"description": "Insecure Direct Object Reference (IDOR)", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-10-29T23:05:56", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://magento.com/security/patches/magento-2.3.1-2.2.8-and-2.1.17-security-update"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@adobe.com", "ID": "CVE-2019-8235", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Magento", "version": {"version_data": [{"version_value": "2.3 prior to 2.3.1"}, {"version_value": "2.2 prior to 2.2.8"}, {"version_value": "2.1 prior to 2.1.17"}]}}]}, "vendor_name": "Adobe"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An insecure direct object reference (IDOR) vulnerability exists in Magento 2.3 prior to 2.3.1, 2.2 prior to 2.2.8, and 2.1 prior to 2.1.17 versions. An authenticated user may be able to view personally identifiable shipping details of another user due to insufficient validation of user controlled input."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Insecure Direct Object Reference (IDOR)"}]}]}, "references": {"reference_data": [{"name": "https://magento.com/security/patches/magento-2.3.1-2.2.8-and-2.1.17-security-update", "refsource": "CONFIRM", "url": "https://magento.com/security/patches/magento-2.3.1-2.2.8-and-2.1.17-security-update"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T21:17:29.942Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://magento.com/security/patches/magento-2.3.1-2.2.8-and-2.1.17-security-update"}]}]}, "cveMetadata": {"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2019-8235", "datePublished": "2019-10-29T23:05:56", "dateReserved": "2019-02-12T00:00:00", "dateUpdated": "2024-08-04T21:17:29.942Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:magento:magento:*:*:*:*:commerce:*:*:*", "matchCriteriaId": "FCA87878-4437-418E-8D19-D40674FBEE1D", "versionEndExcluding": "2.1.17", "versionStartIncluding": "2.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:magento:magento:*:*:*:*:open_source:*:*:*", "matchCriteriaId": "2B7B6D6D-3481-4E8D-B5FC-D06AC7B727F1", "versionEndExcluding": "2.1.17", "versionStartIncluding": "2.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:magento:magento:*:*:*:*:commerce:*:*:*", "matchCriteriaId": "5AF193BC-1111-4879-BEC2-5423F3EA3D85", "versionEndExcluding": "2.2.8", "versionStartIncluding": "2.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:magento:magento:*:*:*:*:open_source:*:*:*", "matchCriteriaId": "B7B7D3EB-54DB-4B69-A4EE-61F44328C371", "versionEndExcluding": "2.2.8", "versionStartIncluding": "2.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:magento:magento:*:*:*:*:commerce:*:*:*", "matchCriteriaId": "2F1D18BC-47FA-4BAD-8BDD-0DF4779531CE", "versionEndExcluding": "2.3.1", "versionStartIncluding": "2.3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:magento:magento:*:*:*:*:open_source:*:*:*", "matchCriteriaId": "050A96AF-2F85-476F-A704-6540C8895362", "versionEndExcluding": "2.3.1", "versionStartIncluding": "2.3.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An insecure direct object reference (IDOR) vulnerability exists in Magento 2.3 prior to 2.3.1, 2.2 prior to 2.2.8, and 2.1 prior to 2.1.17 versions. An authenticated user may be able to view personally identifiable shipping details of another user due to insufficient validation of user controlled input."}, {"lang": "es", "value": "Existe una vulnerabilidad de referencia directa a objeto (IDOR) no segura en Magento versiones 2.3 anteriores a 2.3.1, versiones 2.2 anteriores a 2.2.8 y versiones 2.1 anteriores a 2.1.17. Un usuario autenticado puede visualizar los detalles de env\u00edo identificables personalmente de otro usuario debido a una comprobaci\u00f3n insuficiente de una entrada controlada por el usuario."}], "id": "CVE-2019-8235", "lastModified": "2024-11-21T04:49:32.720", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-10-30T00:15:12.740", "references": [{"source": "psirt@adobe.com", "tags": ["Vendor Advisory"], "url": "https://magento.com/security/patches/magento-2.3.1-2.2.8-and-2.1.17-security-update"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://magento.com/security/patches/magento-2.3.1-2.2.8-and-2.1.17-security-update"}], "sourceIdentifier": "psirt@adobe.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-639"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}