Description

A cryptograhic flaw in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 could be abused by an unauthenticated user to discover an invariant used in gift card generation.

Remediation

References

CVE-2019-7855

Related Vulnerabilities

Magento Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2019-7889)

WordPress Plugin Comments Like Dislike Security Bypass (1.1.3)

WordPress Plugin Community Events SQL Injection (1.3.5)

WebLogic Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-10334)

WordPress Plugin WooCommerce Checkout For Digital Goods Cross-Site Request Forgery (2.2)

Severity

Medium

Classification

CVE-2019-7855 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities