Magento Improper Access Control vulnerability
Moderate severity
GitHub Reviewed
Published
Feb 11, 2025
to the GitHub Advisory Database
•
Updated Feb 28, 2025
Package
Affected versions
>= 2.4.7-beta1, < 2.4.7-p4
>= 2.4.6-p1, < 2.4.6-p9
>= 2.4.5-p1, < 2.4.5-p11
< 2.4.4-p12
= 2.4.7
= 2.4.6
= 2.4.5
= 2.4.4
= 2.4.8-beta1
Patched versions
2.4.7-p4
2.4.6-p9
2.4.5-p11
2.4.4-p12
Description
Published by the National Vulnerability Database
Feb 11, 2025
Published to the GitHub Advisory Database
Feb 11, 2025
Reviewed
Feb 28, 2025
Last updated
Feb 28, 2025
Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue does not require user interaction.
References