{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-29888", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2024-03-21T15:12:08.997Z", "datePublished": "2024-03-27T18:53:44.698Z", "dateUpdated": "2024-08-02T01:17:58.440Z"}, "containers": {"cna": {"title": "Saleor vulnerable to customers addresses leak when using Warehouse as a `Pickup: Local stock only` delivery method", "problemTypes": [{"descriptions": [{"cweId": "CWE-359", "lang": "en", "description": "CWE-359: Exposure of Private Personal Information to an Unauthorized Actor", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/saleor/saleor/security/advisories/GHSA-mrj3-f2h4-7w45", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/saleor/saleor/security/advisories/GHSA-mrj3-f2h4-7w45"}, {"name": "https://github.com/saleor/saleor/pull/15694", "tags": ["x_refsource_MISC"], "url": "https://github.com/saleor/saleor/pull/15694"}, {"name": "https://github.com/saleor/saleor/pull/15697", "tags": ["x_refsource_MISC"], "url": "https://github.com/saleor/saleor/pull/15697"}, {"name": "https://github.com/saleor/saleor/commit/22a1aa3ef0bc54156405f69146788016a7f3f761", "tags": ["x_refsource_MISC"], "url": "https://github.com/saleor/saleor/commit/22a1aa3ef0bc54156405f69146788016a7f3f761"}, {"name": "https://github.com/saleor/saleor/commit/39abb0f4e4fe6503f81bfbb871227e4f70bcdd5c", "tags": ["x_refsource_MISC"], "url": "https://github.com/saleor/saleor/commit/39abb0f4e4fe6503f81bfbb871227e4f70bcdd5c"}, {"name": "https://github.com/saleor/saleor/commit/47cedfd7d6524d79bdb04708edcdbb235874de6b", "tags": ["x_refsource_MISC"], "url": "https://github.com/saleor/saleor/commit/47cedfd7d6524d79bdb04708edcdbb235874de6b"}, {"name": "https://github.com/saleor/saleor/commit/997f7ea4f576543ec88679a86bfe1b14f7f2ff26", "tags": ["x_refsource_MISC"], "url": "https://github.com/saleor/saleor/commit/997f7ea4f576543ec88679a86bfe1b14f7f2ff26"}, {"name": "https://github.com/saleor/saleor/commit/b7cecda8b603f7472790150bb4508c7b655946d4", "tags": ["x_refsource_MISC"], "url": "https://github.com/saleor/saleor/commit/b7cecda8b603f7472790150bb4508c7b655946d4"}, {"name": "https://github.com/saleor/saleor/commit/d8ba545c16ad3153febc5b5be8fd2ef75da9fc95", "tags": ["x_refsource_MISC"], "url": "https://github.com/saleor/saleor/commit/d8ba545c16ad3153febc5b5be8fd2ef75da9fc95"}, {"name": "https://github.com/saleor/saleor/commit/dccc2c842b4e2e09470929c80f07dc137e439182", "tags": ["x_refsource_MISC"], "url": "https://github.com/saleor/saleor/commit/dccc2c842b4e2e09470929c80f07dc137e439182"}, {"name": "https://github.com/saleor/saleor/commit/ef003c76a304c89ddb2dc65b7f1d5b3b2ba1c640", "tags": ["x_refsource_MISC"], "url": "https://github.com/saleor/saleor/commit/ef003c76a304c89ddb2dc65b7f1d5b3b2ba1c640"}], "affected": [{"vendor": "saleor", "product": "saleor", "versions": [{"version": ">= 3.14.56, < 3.14.61", "status": "affected"}, {"version": ">= 3.15.31, < 3.15.37", "status": "affected"}, {"version": ">= 3.16.27, < 3.16.34", "status": "affected"}, {"version": ">= 3.17.25, < 3.17.32", "status": "affected"}, {"version": ">= 3.18.19, < 3.18.28", "status": "affected"}, {"version": ">= 3.19.5, < 3.19.15", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-03-27T18:53:44.698Z"}, "descriptions": [{"lang": "en", "value": "Saleor is an e-commerce platform that serves high-volume companies. When using `Pickup: Local stock only` click-and-collect as a delivery method in specific conditions the customer could overwrite the warehouse address with its own, which exposes its address as click-and-collect address. This issue has been patched in versions: `3.14.61`, `3.15.37`, `3.16.34`, `3.17.32`, `3.18.28`, `3.19.15`."}], "source": {"advisory": "GHSA-mrj3-f2h4-7w45", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-29888", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-03-27T19:54:53.329148Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-05T17:21:18.651Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T01:17:58.440Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/saleor/saleor/security/advisories/GHSA-mrj3-f2h4-7w45", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/saleor/saleor/security/advisories/GHSA-mrj3-f2h4-7w45"}, {"name": "https://github.com/saleor/saleor/pull/15694", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/saleor/saleor/pull/15694"}, {"name": "https://github.com/saleor/saleor/pull/15697", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/saleor/saleor/pull/15697"}, {"name": "https://github.com/saleor/saleor/commit/22a1aa3ef0bc54156405f69146788016a7f3f761", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/saleor/saleor/commit/22a1aa3ef0bc54156405f69146788016a7f3f761"}, {"name": "https://github.com/saleor/saleor/commit/39abb0f4e4fe6503f81bfbb871227e4f70bcdd5c", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/saleor/saleor/commit/39abb0f4e4fe6503f81bfbb871227e4f70bcdd5c"}, {"name": "https://github.com/saleor/saleor/commit/47cedfd7d6524d79bdb04708edcdbb235874de6b", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/saleor/saleor/commit/47cedfd7d6524d79bdb04708edcdbb235874de6b"}, {"name": "https://github.com/saleor/saleor/commit/997f7ea4f576543ec88679a86bfe1b14f7f2ff26", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/saleor/saleor/commit/997f7ea4f576543ec88679a86bfe1b14f7f2ff26"}, {"name": "https://github.com/saleor/saleor/commit/b7cecda8b603f7472790150bb4508c7b655946d4", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/saleor/saleor/commit/b7cecda8b603f7472790150bb4508c7b655946d4"}, {"name": "https://github.com/saleor/saleor/commit/d8ba545c16ad3153febc5b5be8fd2ef75da9fc95", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/saleor/saleor/commit/d8ba545c16ad3153febc5b5be8fd2ef75da9fc95"}, {"name": "https://github.com/saleor/saleor/commit/dccc2c842b4e2e09470929c80f07dc137e439182", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/saleor/saleor/commit/dccc2c842b4e2e09470929c80f07dc137e439182"}, {"name": "https://github.com/saleor/saleor/commit/ef003c76a304c89ddb2dc65b7f1d5b3b2ba1c640", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/saleor/saleor/commit/ef003c76a304c89ddb2dc65b7f1d5b3b2ba1c640"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/saleor/saleor/security/advisories/GHSA-mrj3-f2h4-7w45", "name": "https://github.com/saleor/saleor/security/advisories/GHSA-mrj3-f2h4-7w45", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://github.com/saleor/saleor/pull/15694", "name": "https://github.com/saleor/saleor/pull/15694", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://github.com/saleor/saleor/pull/15697", "name": "https://github.com/saleor/saleor/pull/15697", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://github.com/saleor/saleor/commit/22a1aa3ef0bc54156405f69146788016a7f3f761", "name": "https://github.com/saleor/saleor/commit/22a1aa3ef0bc54156405f69146788016a7f3f761", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://github.com/saleor/saleor/commit/39abb0f4e4fe6503f81bfbb871227e4f70bcdd5c", "name": "https://github.com/saleor/saleor/commit/39abb0f4e4fe6503f81bfbb871227e4f70bcdd5c", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://github.com/saleor/saleor/commit/47cedfd7d6524d79bdb04708edcdbb235874de6b", "name": "https://github.com/saleor/saleor/commit/47cedfd7d6524d79bdb04708edcdbb235874de6b", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://github.com/saleor/saleor/commit/997f7ea4f576543ec88679a86bfe1b14f7f2ff26", "name": "https://github.com/saleor/saleor/commit/997f7ea4f576543ec88679a86bfe1b14f7f2ff26", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://github.com/saleor/saleor/commit/b7cecda8b603f7472790150bb4508c7b655946d4", "name": "https://github.com/saleor/saleor/commit/b7cecda8b603f7472790150bb4508c7b655946d4", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://github.com/saleor/saleor/commit/d8ba545c16ad3153febc5b5be8fd2ef75da9fc95", "name": "https://github.com/saleor/saleor/commit/d8ba545c16ad3153febc5b5be8fd2ef75da9fc95", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://github.com/saleor/saleor/commit/dccc2c842b4e2e09470929c80f07dc137e439182", "name": "https://github.com/saleor/saleor/commit/dccc2c842b4e2e09470929c80f07dc137e439182", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://github.com/saleor/saleor/commit/ef003c76a304c89ddb2dc65b7f1d5b3b2ba1c640", "name": "https://github.com/saleor/saleor/commit/ef003c76a304c89ddb2dc65b7f1d5b3b2ba1c640", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T01:17:58.440Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-29888", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-03-27T19:54:53.329148Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-05T15:20:38.372Z"}}], "cna": {"title": "Saleor vulnerable to customers addresses leak when using Warehouse as a `Pickup: Local stock only` delivery method", "source": {"advisory": "GHSA-mrj3-f2h4-7w45", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.2, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}], "affected": [{"vendor": "saleor", "product": "saleor", "versions": [{"status": "affected", "version": ">= 3.14.56, < 3.14.61"}, {"status": "affected", "version": ">= 3.15.31, < 3.15.37"}, {"status": "affected", "version": ">= 3.16.27, < 3.16.34"}, {"status": "affected", "version": ">= 3.17.25, < 3.17.32"}, {"status": "affected", "version": ">= 3.18.19, < 3.18.28"}, {"status": "affected", "version": ">= 3.19.5, < 3.19.15"}]}], "references": [{"url": "https://github.com/saleor/saleor/security/advisories/GHSA-mrj3-f2h4-7w45", "name": "https://github.com/saleor/saleor/security/advisories/GHSA-mrj3-f2h4-7w45", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/saleor/saleor/pull/15694", "name": "https://github.com/saleor/saleor/pull/15694", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/saleor/saleor/pull/15697", "name": "https://github.com/saleor/saleor/pull/15697", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/saleor/saleor/commit/22a1aa3ef0bc54156405f69146788016a7f3f761", "name": "https://github.com/saleor/saleor/commit/22a1aa3ef0bc54156405f69146788016a7f3f761", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/saleor/saleor/commit/39abb0f4e4fe6503f81bfbb871227e4f70bcdd5c", "name": "https://github.com/saleor/saleor/commit/39abb0f4e4fe6503f81bfbb871227e4f70bcdd5c", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/saleor/saleor/commit/47cedfd7d6524d79bdb04708edcdbb235874de6b", "name": "https://github.com/saleor/saleor/commit/47cedfd7d6524d79bdb04708edcdbb235874de6b", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/saleor/saleor/commit/997f7ea4f576543ec88679a86bfe1b14f7f2ff26", "name": "https://github.com/saleor/saleor/commit/997f7ea4f576543ec88679a86bfe1b14f7f2ff26", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/saleor/saleor/commit/b7cecda8b603f7472790150bb4508c7b655946d4", "name": "https://github.com/saleor/saleor/commit/b7cecda8b603f7472790150bb4508c7b655946d4", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/saleor/saleor/commit/d8ba545c16ad3153febc5b5be8fd2ef75da9fc95", "name": "https://github.com/saleor/saleor/commit/d8ba545c16ad3153febc5b5be8fd2ef75da9fc95", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/saleor/saleor/commit/dccc2c842b4e2e09470929c80f07dc137e439182", "name": "https://github.com/saleor/saleor/commit/dccc2c842b4e2e09470929c80f07dc137e439182", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/saleor/saleor/commit/ef003c76a304c89ddb2dc65b7f1d5b3b2ba1c640", "name": "https://github.com/saleor/saleor/commit/ef003c76a304c89ddb2dc65b7f1d5b3b2ba1c640", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Saleor is an e-commerce platform that serves high-volume companies. When using `Pickup: Local stock only` click-and-collect as a delivery method in specific conditions the customer could overwrite the warehouse address with its own, which exposes its address as click-and-collect address. This issue has been patched in versions: `3.14.61`, `3.15.37`, `3.16.34`, `3.17.32`, `3.18.28`, `3.19.15`."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-359", "description": "CWE-359: Exposure of Private Personal Information to an Unauthorized Actor"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-03-27T18:53:44.698Z"}}}, "cveMetadata": {"cveId": "CVE-2024-29888", "state": "PUBLISHED", "dateUpdated": "2024-08-02T01:17:58.440Z", "dateReserved": "2024-03-21T15:12:08.997Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2024-03-27T18:53:44.698Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"descriptions": [{"lang": "en", "value": "Saleor is an e-commerce platform that serves high-volume companies. When using `Pickup: Local stock only` click-and-collect as a delivery method in specific conditions the customer could overwrite the warehouse address with its own, which exposes its address as click-and-collect address. This issue has been patched in versions: `3.14.61`, `3.15.37`, `3.16.34`, `3.17.32`, `3.18.28`, `3.19.15`."}, {"lang": "es", "value": "Saleor es una plataforma de comercio electr\u00f3nico que presta servicios a empresas de gran volumen. Cuando se utiliza \"Pickup: Local stock only\", hacer clic y recoger como m\u00e9todo de entrega en condiciones espec\u00edficas, el cliente podr\u00eda sobrescribir la direcci\u00f3n del almac\u00e9n con la suya propia, lo que expone su direcci\u00f3n como direcci\u00f3n de hacer clic y recoger. Este problema se ha solucionado en las versiones: `3.14.61`, `3.15.37`, `3.16.34`, `3.17.32`, `3.18.28`, `3.19.15`."}], "id": "CVE-2024-29888", "lastModified": "2024-11-21T09:08:33.193", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 2.5, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2024-03-27T19:15:49.410", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/saleor/saleor/commit/22a1aa3ef0bc54156405f69146788016a7f3f761"}, {"source": "security-advisories@github.com", "url": "https://github.com/saleor/saleor/commit/39abb0f4e4fe6503f81bfbb871227e4f70bcdd5c"}, {"source": "security-advisories@github.com", "url": "https://github.com/saleor/saleor/commit/47cedfd7d6524d79bdb04708edcdbb235874de6b"}, {"source": "security-advisories@github.com", "url": "https://github.com/saleor/saleor/commit/997f7ea4f576543ec88679a86bfe1b14f7f2ff26"}, {"source": "security-advisories@github.com", "url": "https://github.com/saleor/saleor/commit/b7cecda8b603f7472790150bb4508c7b655946d4"}, {"source": "security-advisories@github.com", "url": "https://github.com/saleor/saleor/commit/d8ba545c16ad3153febc5b5be8fd2ef75da9fc95"}, {"source": "security-advisories@github.com", "url": "https://github.com/saleor/saleor/commit/dccc2c842b4e2e09470929c80f07dc137e439182"}, {"source": "security-advisories@github.com", "url": "https://github.com/saleor/saleor/commit/ef003c76a304c89ddb2dc65b7f1d5b3b2ba1c640"}, {"source": "security-advisories@github.com", "url": "https://github.com/saleor/saleor/pull/15694"}, {"source": "security-advisories@github.com", "url": "https://github.com/saleor/saleor/pull/15697"}, {"source": "security-advisories@github.com", "url": "https://github.com/saleor/saleor/security/advisories/GHSA-mrj3-f2h4-7w45"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/saleor/saleor/commit/22a1aa3ef0bc54156405f69146788016a7f3f761"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/saleor/saleor/commit/39abb0f4e4fe6503f81bfbb871227e4f70bcdd5c"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/saleor/saleor/commit/47cedfd7d6524d79bdb04708edcdbb235874de6b"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/saleor/saleor/commit/997f7ea4f576543ec88679a86bfe1b14f7f2ff26"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/saleor/saleor/commit/b7cecda8b603f7472790150bb4508c7b655946d4"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/saleor/saleor/commit/d8ba545c16ad3153febc5b5be8fd2ef75da9fc95"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/saleor/saleor/commit/dccc2c842b4e2e09470929c80f07dc137e439182"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/saleor/saleor/commit/ef003c76a304c89ddb2dc65b7f1d5b3b2ba1c640"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/saleor/saleor/pull/15694"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/saleor/saleor/pull/15697"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/saleor/saleor/security/advisories/GHSA-mrj3-f2h4-7w45"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-359"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

{}

{"created": "2025-07-12T22:31:45.897058+00:00", "updated": "2025-07-12T22:31:45.897112+00:00", "vendors": ["saleor", "saleor$PRODUCT$saleor"]}