Description

A cross-site request forgery vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can result in unintended deletion of user roles.

Remediation

References

CVE-2019-7874

Related Vulnerabilities

Roundcube Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2013-6172)

Apache Tomcat Deserialization of Untrusted Data Vulnerability (CVE-2021-25329)

WordPress Plugin Universal Analytics Cross-Site Scripting (1.3.0)

MediaWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-1579)

WordPress Plugin Ultimate Member-User Profile, Registration, Login, Member Directory, Content Restriction & Membership Cross-Site Scripting (2.0.51)

Severity

Medium

Classification

CVE-2019-7874 CWE-352 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Tags

Missing Update Known Vulnerabilities