CVE-2019-7858
First published: Tue Jun 25 2019(Updated: )
A cryptographic flaw in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9 and Magento 2.3 prior to 2.3.2 resulted in storage of sensitive information with an algorithm that is insufficiently resistant to brute force attacks.
Credit: psirt@adobe.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| composer/magento/product-community-edition | >=2.1<2.1.18>=2.2<2.2.9>=2.3<2.3.2 | |
| composer/magento/community-edition | >=2.3.0<2.3.2 | 2.3.2 |
| composer/magento/community-edition | >=2.2.0<2.2.9 | 2.2.9 |
| composer/magento/community-edition | >=2.1.0<2.1.18 | 2.1.18 |
| CentOS Libgcc | >=2.1.0<2.1.18 | |
| CentOS Libgcc | >=2.2.0<2.2.9 | |
| CentOS Libgcc | >=2.3.0<2.3.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23
- https://nvd.nist.gov/vuln/detail/CVE-2019-7858
- https://web.archive.org/web/20220121051916/https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23
- https://github.com/advisories/GHSA-7h8v-f2g9-39fx (Advisory)
- https://github.com/FriendsOfPHP/security-advisories/blob/master/magento/product-community-edition/CVE-2019-7858.yaml
Frequently Asked Questions
What is the severity of CVE-2019-7858?
CVE-2019-7858 is considered to have a high severity due to its potential for brute force attacks on sensitive information.
Which versions of Magento are affected by CVE-2019-7858?
CVE-2019-7858 affects Magento 2.1 prior to 2.1.18, 2.2 prior to 2.2.9, and 2.3 prior to 2.3.2.
How do I fix CVE-2019-7858?
To fix CVE-2019-7858, upgrade to Magento versions 2.1.18, 2.2.9, or 2.3.2 or later.
What kind of information is compromised in CVE-2019-7858?
CVE-2019-7858 can lead to the storage of sensitive user credentials in an insecure manner.
Is there a patch available for CVE-2019-7858?
Yes, Magento has released security updates that address CVE-2019-7858 in the specified versions.
- collector/friends-of-php
- agent/type
- agent/first-publish-date
- collector/github-advisory-latest
- source/GitHub
- alias/GHSA-7h8v-f2g9-39fx
- alias/CVE-2019-7858
- agent/software-canonical-lookup
- agent/weakness
- agent/references
- agent/severity
- agent/description
- collector/github-advisory
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/trending
- agent/source
- agent/author
- agent/softwarecombine
- agent/tags
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup-request
- collector/nvd-index
- package-manager/composer
- vendor/magento
- canonical/centos libgcc
- version/centos libgcc/2.1.0
- version/centos libgcc/2.2.0
- version/centos libgcc/2.3.0