Magento Open Source Cross-Site Request Forgery vulnerability
Moderate severity
GitHub Reviewed
Published Aug 14, 2024 to the GitHub Advisory Database
Updated Sep 16, 2024
Package
Affected versions
>= 2.4.7-p1, < 2.4.7-p2
= 2.4.7
>= 2.4.6-p1, < 2.4.6-p7
= 2.4.6
>= 2.4.5-p1, < 2.4.5-p9
= 2.4.5
< 2.4.4-p10
= 2.4.4
Patched versions
2.4.7-p2
2.4.6-p7
2.4.5-p9
2.4.4-p10
Description
Published by the National Vulnerability Database: Aug 14, 2024
Published to the GitHub Advisory Database: Aug 14, 2024
Reviewed: Sep 16, 2024
Last updated: Sep 16, 2024
Magento Open Source versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could allow an attacker to bypass security features and perform minor unauthorised actions on behalf of a user. The vulnerability could be exploited by tricking a victim into clicking a link or loading a page that submits a malicious request. Exploitation of this issue requires user interaction.