Description

Insecure authentication and session management vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can manipulate session validation setting for a storefront that leads to insecure authentication and session management.

Remediation

References

CVE-2019-8108

Related Vulnerabilities

WordPress Plugin Form Maker by 10Web-Mobile-Friendly Drag & Drop Contact Form Builder SQL Injection (1.13.35)

WordPress Plugin Easy Digital Downloads-Simple eCommerce for Selling Digital Files Security Bypass (3.1.1.4.1)

MODX Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2017-7324)

WordPress CVE-2012-2400 Vulnerability (CVE-2012-2400)

Zenphoto Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-2949)

Severity

Medium

Classification

CVE-2019-8108 CWE-287 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Tags

Missing Update Known Vulnerabilities