What is the severity of CVE-2018-5301?

CVE-2018-5301 is classified as a medium severity vulnerability due to the potential for customer address deletion.

How do I fix CVE-2018-5301?

To mitigate CVE-2018-5301, upgrade to Magento Community Edition 2.0.10 or 2.1.2 or later.

What versions of Magento are affected by CVE-2018-5301?

CVE-2018-5301 affects Magento Community Edition and Enterprise Edition versions prior to 2.0.10 and 2.1.2.

What type of vulnerability is CVE-2018-5301?

CVE-2018-5301 is a Cross-Site Request Forgery (CSRF) vulnerability.

What impact does CVE-2018-5301 have on users?

CVE-2018-5301 allows an attacker to delete a customer's address from the address book without their consent.

Vulnerability/
CVE-2018-5301

medium

6.5

CWE

352

8/1/2018

14/5/2022

3/10/2022

5/8/2024

CVE-2018-5301: CSRF

First published: Mon Jan 08 2018(Updated: )

Magento Community Edition and Enterprise Edition before 2.0.10 and 2.1.x before 2.1.2 have CSRF resulting in deletion of a customer address from an address book, aka APPSEC-1433.

Credit: cve@mitre.org cve@mitre.org

Affected Software	Affected Version	How to fix
composer/magento/community-edition	>=2.1.0<2.1.2	2.1.2
composer/magento/community-edition	<2.0.10	2.0.10
Magento	<2.0.10
Magento	>=2.1.0<2.1.2
Magento	<2.0.10
Magento	>=2.1.0<2.1.2

Remedy

https://magento.com/security/patches/magento-2010-and-212-security-update

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2018-5301?
CVE-2018-5301 is classified as a medium severity vulnerability due to the potential for customer address deletion.
How do I fix CVE-2018-5301?
To mitigate CVE-2018-5301, upgrade to Magento Community Edition 2.0.10 or 2.1.2 or later.
What versions of Magento are affected by CVE-2018-5301?
CVE-2018-5301 affects Magento Community Edition and Enterprise Edition versions prior to 2.0.10 and 2.1.2.
What type of vulnerability is CVE-2018-5301?
CVE-2018-5301 is a Cross-Site Request Forgery (CSRF) vulnerability.
What impact does CVE-2018-5301 have on users?
CVE-2018-5301 allows an attacker to delete a customer's address from the address book without their consent.

agent/type
agent/first-publish-date
collector/github-advisory-latest
source/GitHub
alias/GHSA-w3mq-67mw-3p9f
alias/CVE-2018-5301
agent/software-canonical-lookup
agent/severity
agent/remedy
agent/weakness
agent/references
agent/author
agent/description
collector/github-advisory
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/event
agent/trending
agent/source
agent/tags
collector/nvd-cve
source/NVD
agent/software-canonical-lookup-request
collector/nvd-index
agent/softwarecombine
package-manager/composer
vendor/magento
canonical/magento
version/magento/2.1.0

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.

Frequently Asked Questions

What is the severity of CVE-2018-5301?
CVE-2018-5301 is classified as a medium severity vulnerability due to the potential for customer address deletion.
How do I fix CVE-2018-5301?
To mitigate CVE-2018-5301, upgrade to Magento Community Edition 2.0.10 or 2.1.2 or later.
What versions of Magento are affected by CVE-2018-5301?
CVE-2018-5301 affects Magento Community Edition and Enterprise Edition versions prior to 2.0.10 and 2.1.2.
What type of vulnerability is CVE-2018-5301?
CVE-2018-5301 is a Cross-Site Request Forgery (CSRF) vulnerability.
What impact does CVE-2018-5301 have on users?
CVE-2018-5301 allows an attacker to delete a customer's address from the address book without their consent.