Description
An insecure direct object reference (IDOR) vulnerability exists in Magento versions 2.3 prior to 2.3.1, 2.2 prior to 2.2.8, and 2.1 prior to 2.1.17. Because the affected code looks up a record using an identifier taken from the request without verifying that the record belongs to the requesting account, an authenticated user may be able to view the personally identifiable shipping details of another user.
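The following PHP snippet is an added illustration of the IDOR pattern the advisory describes, placed beside a hardened version. It is not Magento's code: the shipping_address table, its columns, the customer ids and the two handler functions are hypothetical stand-ins for a shipping-address lookup in any PHP application, and the data set is constructed inline so the script runs offline.

```php
<?php
// Added illustration of the IDOR pattern described above. NOT Magento code: the table,
// column names, sample rows and handler functions are hypothetical stand-ins.
declare(strict_types=1);

// Constructed in-memory data set: two customers, each with one shipping address.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE shipping_address (
    id INTEGER PRIMARY KEY,
    customer_id INTEGER NOT NULL,
    name TEXT NOT NULL,
    street TEXT NOT NULL,
    city TEXT NOT NULL)');
$ins = $db->prepare('INSERT INTO shipping_address VALUES (?, ?, ?, ?, ?)');
$ins->execute([101, 1, 'Alice Example', '1 First St', 'Springfield']);
$ins->execute([102, 2, 'Bob Example', '2 Second Ave', 'Shelbyville']);

// Vulnerable: the row is selected purely by the client-supplied id. The session's
// customer id is accepted but never used, so any authenticated user who guesses or
// enumerates another id receives that customer's record.
function getShippingAddressVulnerable(PDO $db, int $sessionCustomerId, int $requestedId): ?array
{
    $stmt = $db->prepare('SELECT * FROM shipping_address WHERE id = ?');
    $stmt->execute([$requestedId]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Hardened: ownership is part of the query and is bound to the customer id taken
// from the server-side session, never from the request. A foreign id yields no row.
function getShippingAddressSafe(PDO $db, int $sessionCustomerId, int $requestedId): ?array
{
    $stmt = $db->prepare('SELECT * FROM shipping_address WHERE id = ? AND customer_id = ?');
    $stmt->execute([$requestedId, $sessionCustomerId]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Simulated request: customer 1 (Alice) is logged in and asks for address id 102,
// which belongs to customer 2 (Bob). The id is untrusted input: cast, but not authorised.
$sessionCustomerId = 1;
$requestedId = (int) ($_GET['id'] ?? 102);

$leak = getShippingAddressVulnerable($db, $sessionCustomerId, $requestedId);
$safe = getShippingAddressSafe($db, $sessionCustomerId, $requestedId);

printf("vulnerable handler returned: %s\n",
    $leak !== null ? $leak['name'] . ', ' . $leak['street'] . ', ' . $leak['city'] : '(nothing)');
printf("hardened handler returned:   %s\n",
    $safe !== null ? $safe['name'] : '(nothing)');
```

Run from the command line, the vulnerable handler hands Alice the full row for Bob's address while the hardened handler returns nothing. When the hardened lookup misses, respond with the same status as for a non-existent id (typically 404) rather than 403, so the response does not confirm that the guessed identifier exists. The same test, performed with two ordinary customer accounts and a second account's identifier, is the quickest way to verify an installation's exposure.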
Remediation
Upgrade to Magento 2.3.1, 2.2.8 or 2.1.17 (or a later release of the respective branch), the first versions of each branch that are not affected.
References
Related Vulnerabilities
Drupal Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2009-4066)
Jboss EAP Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-0018)
IBM RTC Generation of Error Message Containing Sensitive Information (CVE-2020-4487)
WordPress Plugin Shortcode Factory Local File Inclusion (2.7)
WordPress Plugin WP Telegram (Auto Post and Notifications) Unspecified Vulnerability (2.1.8)