Description

Insufficient enforcement of user access controls in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 could enable a low-privileged user to make unauthorized environment configuration changes.

Remediation

References

CVE-2019-7904

Related Vulnerabilities

WordPress 3.7.x Multiple Vulnerabilities (3.7 - 3.7.32)

WordPress Plugin Easy Digital Downloads-Simple eCommerce for Selling Digital Files Cross-Site Scripting (3.1.0.4)

PHP Other Vulnerability (CVE-2014-4670)

WordPress Plugin Contact Form for WordPress-Ultimate Form Builder Lite Multiple Cross-Site Scripting Vulnerabilities (1.3.2)

PostgreSQL Cryptographic Issues Vulnerability (CVE-2012-2143)

Severity

Medium

Classification

CVE-2019-7904 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Tags

Missing Update Known Vulnerabilities