Description
A security bypass vulnerability exists in Magento 2.2 prior to 2.2.10 and Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An unauthenticated user can bypass the email confirmation mechanism via a GET request that captures relevant account data obtained from the POST response related to new user creation.
Remediation
References