📚 [PRODSECBUG-2307] Insufficient enforcement of user access controls could lead to unauthorized environment configuration changes - CVE-2019-7904

🕛 Zeit seit Veröffentlichung: 1248 Tage, 11 Stunden 20 Minuten
📆 Veröffentlicht am: 03.12.2020 um 10:59 Uhr
💡 Newskategorie: Sicherheitslücken
🔗 Quelle: portal.patchman.co

Insufficient enforcement of user access controls could be abused by a low-privileged user to make unauthorized environment configuration changes, such as removing security controls.

Part of update Magento 2.3.2, 2.2.9 and 2.1.18 Security Update 1/3

This vulnerability affects the following application versions:

• Magento 2.1.0
• Magento 2.1.1
• Magento 2.1.2
• Magento 2.1.3
• Magento 2.1.4
• Magento 2.1.5
• Magento 2.1.6
• Magento 2.1.7
• Magento 2.1.8
• Magento 2.1.9
• Magento 2.1.10
• Magento 2.1.11
• Magento 2.1.12
• Magento 2.1.13
• Magento 2.1.14
• Magento 2.1.15
• Magento 2.1.16
• Magento 2.1.17
• Magento 2.2.0
• Magento 2.2.1
• Magento 2.2.2
• Magento 2.2.3
• Magento 2.2.4
• Magento 2.2.5
• Magento 2.2.6
• Magento 2.2.7
• Magento 2.2.8
• Magento 2.3.0
• Magento 2.3.1

...