cvelistv5 - cve-2024-20719

▼	URL	Tags
	psirt@adobe.com	https://helpx.adobe.com/security/products/magento/apsb24-03.html	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://helpx.adobe.com/security/products/magento/apsb24-03.html	Vendor Advisory

gsd-2024-20719

Vulnerability from gsd

Modified

2023-12-13 01:21

Details

Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an admin attacker to inject malicious scripts into every admin page. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field, that could be leveraged to gain admin access.

Aliases

CVE-2024-20719

Aliases

CVE-2024-20719

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2024-20719",
    "id": "GSD-2024-20719"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2024-20719"
      ],
      "details": "Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an admin attacker to inject malicious scripts into every admin page. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field, that could be leveraged to gain admin access. ",
      "id": "GSD-2024-20719",
      "modified": "2023-12-13T01:21:43.165023Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@adobe.com",
        "ID": "CVE-2024-20719",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Adobe Commerce",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "not down converted",
                          "x_cve_json_5_version_data": {
                            "defaultStatus": "affected",
                            "versions": [
                              {
                                "lessThanOrEqual": "2.4.4-p6",
                                "status": "affected",
                                "version": "0",
                                "versionType": "semver"
                              }
                            ]
                          }
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Adobe"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an admin attacker to inject malicious scripts into every admin page. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field, that could be leveraged to gain admin access. "
          }
        ]
      },
      "impact": {
        "cvss": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "availabilityRequirement": "NOT_DEFINED",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "confidentialityRequirement": "NOT_DEFINED",
            "environmentalScore": 9.1,
            "environmentalSeverity": "CRITICAL",
            "exploitCodeMaturity": "NOT_DEFINED",
            "integrityImpact": "HIGH",
            "integrityRequirement": "NOT_DEFINED",
            "modifiedAttackComplexity": "LOW",
            "modifiedAttackVector": "NETWORK",
            "modifiedAvailabilityImpact": "HIGH",
            "modifiedConfidentialityImpact": "HIGH",
            "modifiedIntegrityImpact": "HIGH",
            "modifiedPrivilegesRequired": "HIGH",
            "modifiedScope": "NOT_DEFINED",
            "modifiedUserInteraction": "NONE",
            "privilegesRequired": "HIGH",
            "remediationLevel": "NOT_DEFINED",
            "reportConfidence": "NOT_DEFINED",
            "scope": "CHANGED",
            "temporalScore": 9.1,
            "temporalSeverity": "CRITICAL",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "cweId": "CWE-79",
                "lang": "eng",
                "value": "Cross-site Scripting (Stored XSS) (CWE-79)"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://helpx.adobe.com/security/products/magento/apsb24-03.html",
            "refsource": "MISC",
            "url": "https://helpx.adobe.com/security/products/magento/apsb24-03.html"
          }
        ]
      },
      "source": {
        "discovery": "EXTERNAL"
      }
    },
    "nvd.nist.gov": {
      "cve": {
        "configurations": [
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:*",
                    "matchCriteriaId": "D258D9EF-94FB-41F0-A7A5-7F66FA7A0055",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:*",
                    "matchCriteriaId": "4E5CF6F0-2388-4D3F-8FE1-43B8AF148564",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:*",
                    "matchCriteriaId": "D6D6F1A7-ABB5-4EDC-9EA8-98B74518847A",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:*",
                    "matchCriteriaId": "CFEBDDF2-6443-4482-83B2-3CD272CF599F",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p4:*:*:*:*:*:*",
                    "matchCriteriaId": "6661093F-8D22-450F-BC6C-A8894A52E6A9",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p5:*:*:*:*:*:*",
                    "matchCriteriaId": "2515DA6D-2E74-4A05-BD29-FEEF3322BCB6",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p6:*:*:*:*:*:*",
                    "matchCriteriaId": "69A1F1F7-E53C-40F3-B3D9-DC011FC353BF",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:*",
                    "matchCriteriaId": "9B07F7B2-E915-4EFF-8FFC-91143CEF082E",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:*",
                    "matchCriteriaId": "7F5E9DB6-1386-4274-8270-2FE0F0CAF7FD",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:*",
                    "matchCriteriaId": "8605E4E6-0F7D-42C8-B35B-2349A0BEFC69",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p3:*:*:*:*:*:*",
                    "matchCriteriaId": "B6318F97-E59A-4425-8DC7-045C78A644F8",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p4:*:*:*:*:*:*",
                    "matchCriteriaId": "324A573E-DBC8-42A0-8CB8-EDD8FBAB7115",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p5:*:*:*:*:*:*",
                    "matchCriteriaId": "54151A00-CFB8-4E6A-8E74-497CB67BF7E2",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:-:*:*:*:*:*:*",
                    "matchCriteriaId": "7C7AFBB1-F9C9-4BDE-BCEF-94C9F0AC6798",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p1:*:*:*:*:*:*",
                    "matchCriteriaId": "D6086841-C175-46A1-8414-71C6163A0E7A",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p2:*:*:*:*:*:*",
                    "matchCriteriaId": "D2E0DDD1-0F4A-4F96-B25D-40A39A1A535A",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p3:*:*:*:*:*:*",
                    "matchCriteriaId": "A576B1B5-73A2-431E-998F-7E5458B51D6A",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          }
        ],
        "descriptions": [
          {
            "lang": "en",
            "value": "Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an admin attacker to inject malicious scripts into every admin page. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field, that could be leveraged to gain admin access. "
          },
          {
            "lang": "es",
            "value": "Las versiones 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 y anteriores de Adobe Commerce se ven afectadas por una vulnerabilidad de Cross-Site Scripting (XSS) Almacenado que podr\u00eda ser aprovechada por un atacante administrador para inyectar secuencias de comandos maliciosas en cada p\u00e1gina administrada. Se puede ejecutar JavaScript malicioso en el navegador de la v\u00edctima cuando navega a la p\u00e1gina que contiene el campo vulnerable, que podr\u00eda aprovecharse para obtener acceso de administrador."
          }
        ],
        "id": "CVE-2024-20719",
        "lastModified": "2024-02-16T20:30:40.470",
        "metrics": {
          "cvssMetricV31": [
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "exploitabilityScore": 2.3,
              "impactScore": 6.0,
              "source": "nvd@nist.gov",
              "type": "Primary"
            },
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "exploitabilityScore": 2.3,
              "impactScore": 6.0,
              "source": "psirt@adobe.com",
              "type": "Secondary"
            }
          ]
        },
        "published": "2024-02-15T14:15:46.077",
        "references": [
          {
            "source": "psirt@adobe.com",
            "tags": [
              "Vendor Advisory"
            ],
            "url": "https://helpx.adobe.com/security/products/magento/apsb24-03.html"
          }
        ],
        "sourceIdentifier": "psirt@adobe.com",
        "vulnStatus": "Analyzed",
        "weaknesses": [
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-79"
              }
            ],
            "source": "nvd@nist.gov",
            "type": "Primary"
          },
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-79"
              }
            ],
            "source": "psirt@adobe.com",
            "type": "Secondary"
          }
        ]
      }
    }
  }
}

wid-sec-w-2024-0384

Vulnerability from csaf_certbund

Published

2024-02-13 23:00

Modified

2024-04-07 22:00

Summary

Adobe Magento: Mehrere Schwachstellen

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

Magento ist ein Online-Shop System von Adobe.

Angriff

Ein entfernter Angreifer kann mehrere Schwachstellen in Adobe Magento ausnutzen, um Cross-Site-Scripting (XSS)-Angriffe durchzuführen, Sicherheitsmaßnahmen zu umgehen, beliebigen Code auszuführen oder einen Denial-of-Service-Zustand zu verursachen.

Betroffene Betriebssysteme

- Linux - MacOS X - Windows

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Magento ist ein Online-Shop System von Adobe.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter Angreifer kann mehrere Schwachstellen in Adobe Magento ausnutzen, um Cross-Site-Scripting (XSS)-Angriffe durchzuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, beliebigen Code auszuf\u00fchren oder einen Denial-of-Service-Zustand zu verursachen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- MacOS X\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2024-0384 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0384.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2024-0384 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0384"
      },
      {
        "category": "external",
        "summary": "Adobe Security Bulletin - APSB24-03 vom 2024-02-13",
        "url": "https://helpx.adobe.com/security/products/magento/apsb24-03.html"
      },
      {
        "category": "external",
        "summary": "Sansec research vom 2024-04-07",
        "url": "https://sansec.io/research/magento-xml-backdoor"
      }
    ],
    "source_lang": "en-US",
    "title": "Adobe Magento: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2024-04-07T22:00:00.000+00:00",
      "generator": {
        "date": "2024-08-15T18:05:14.465+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.5"
        }
      },
      "id": "WID-SEC-W-2024-0384",
      "initial_release_date": "2024-02-13T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2024-02-13T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2024-04-07T22:00:00.000+00:00",
          "number": "2",
          "summary": "Exploit aufgenommen"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c 2.4.6-p4",
                "product": {
                  "name": "Adobe Magento \u003c 2.4.6-p4",
                  "product_id": "T032751"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c 2.4.5-p6",
                "product": {
                  "name": "Adobe Magento \u003c 2.4.5-p6",
                  "product_id": "T032752"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c 2.4.4-p7",
                "product": {
                  "name": "Adobe Magento \u003c 2.4.4-p7",
                  "product_id": "T032753"
                }
              }
            ],
            "category": "product_name",
            "name": "Magento"
          }
        ],
        "category": "vendor",
        "name": "Adobe"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-20716",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Adobe Magento. Diese Fehler bestehen aufgrund einer OS-Befehlsinjektion, eines unkontrollierten Ressourcenverbrauchs und eines Cross-Site Request Forgery-Problems. Ein entfernter Angreifer kann diese Schwachstellen ausnutzen, um Cross-Site-Scripting (XSS)-Angriffe durchzuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, beliebigen Code auszuf\u00fchren oder einen Denial-of-Service-Zustand zu verursachen. Einige dieser Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
        }
      ],
      "release_date": "2024-02-13T23:00:00.000+00:00",
      "title": "CVE-2024-20716"
    },
    {
      "cve": "CVE-2024-20717",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Adobe Magento. Diese Fehler bestehen aufgrund einer OS-Befehlsinjektion, eines unkontrollierten Ressourcenverbrauchs und eines Cross-Site Request Forgery-Problems. Ein entfernter Angreifer kann diese Schwachstellen ausnutzen, um Cross-Site-Scripting (XSS)-Angriffe durchzuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, beliebigen Code auszuf\u00fchren oder einen Denial-of-Service-Zustand zu verursachen. Einige dieser Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
        }
      ],
      "release_date": "2024-02-13T23:00:00.000+00:00",
      "title": "CVE-2024-20717"
    },
    {
      "cve": "CVE-2024-20718",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Adobe Magento. Diese Fehler bestehen aufgrund einer OS-Befehlsinjektion, eines unkontrollierten Ressourcenverbrauchs und eines Cross-Site Request Forgery-Problems. Ein entfernter Angreifer kann diese Schwachstellen ausnutzen, um Cross-Site-Scripting (XSS)-Angriffe durchzuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, beliebigen Code auszuf\u00fchren oder einen Denial-of-Service-Zustand zu verursachen. Einige dieser Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
        }
      ],
      "release_date": "2024-02-13T23:00:00.000+00:00",
      "title": "CVE-2024-20718"
    },
    {
      "cve": "CVE-2024-20719",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Adobe Magento. Diese Fehler bestehen aufgrund einer OS-Befehlsinjektion, eines unkontrollierten Ressourcenverbrauchs und eines Cross-Site Request Forgery-Problems. Ein entfernter Angreifer kann diese Schwachstellen ausnutzen, um Cross-Site-Scripting (XSS)-Angriffe durchzuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, beliebigen Code auszuf\u00fchren oder einen Denial-of-Service-Zustand zu verursachen. Einige dieser Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
        }
      ],
      "release_date": "2024-02-13T23:00:00.000+00:00",
      "title": "CVE-2024-20719"
    },
    {
      "cve": "CVE-2024-20720",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Adobe Magento. Diese Fehler bestehen aufgrund einer OS-Befehlsinjektion, eines unkontrollierten Ressourcenverbrauchs und eines Cross-Site Request Forgery-Problems. Ein entfernter Angreifer kann diese Schwachstellen ausnutzen, um Cross-Site-Scripting (XSS)-Angriffe durchzuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, beliebigen Code auszuf\u00fchren oder einen Denial-of-Service-Zustand zu verursachen. Einige dieser Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
        }
      ],
      "release_date": "2024-02-13T23:00:00.000+00:00",
      "title": "CVE-2024-20720"
    }
  ]
}

ghsa-264g-f7v8-q5qq

Vulnerability from github

Published

2024-02-15 15:30

Modified

2024-02-16 21:31

Severity ?

9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Details

Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an admin attacker to inject malicious scripts into every admin page. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field, that could be leveraged to gain admin access.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2024-20719"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-02-15T14:15:46Z",
    "severity": "CRITICAL"
  },
  "details": "Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an admin attacker to inject malicious scripts into every admin page. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field, that could be leveraged to gain admin access. ",
  "id": "GHSA-264g-f7v8-q5qq",
  "modified": "2024-02-16T21:31:31Z",
  "published": "2024-02-15T15:30:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-20719"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/magento/apsb24-03.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

cve-2024-20719

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature

Action not permitted

cve-2024-20719

Vulnerability from cvelistv5

gsd-2024-20719

Vulnerability from gsd

wid-sec-w-2024-0384

Vulnerability from csaf_certbund

ghsa-264g-f7v8-q5qq

Vulnerability from github

Tags

Sightings

Nomenclature