First published: Fri Oct 13 2023
Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Authorization vulnerability that could lead to a security feature bypass, allowing an attacker to access unauthorised data. Exploitation of this issue does not require user interaction.
Credit: psirt@adobe.com
Affected Software | Affected Version | How to fix |
---|---|---|
composer/magento/project-community-edition | <=2.0.2 | |
composer/magento/community-edition | >=2.4.4-p1<2.4.4-p6 | 2.4.4-p6 |
composer/magento/community-edition | >=2.4.5-p1<2.4.5-p5 | 2.4.5-p5 |
composer/magento/community-edition | >=2.4.6-p1<2.4.6-p3 | 2.4.6-p3 |
composer/magento/community-edition | =2.4.4 | |
composer/magento/community-edition | =2.4.5 | |
composer/magento/community-edition | =2.4.6 | |
composer/magento/community-edition | =2.4.7-beta1 | 2.4.7-beta2 |
Adobe Magento Commerce | =2.3.7 | |
Adobe Magento Commerce | =2.3.7-p1 | |
Adobe Magento Commerce | =2.3.7-p2 | |
Adobe Magento Commerce | =2.3.7-p3 | |
Adobe Magento Commerce | =2.3.7-p4 | |
Adobe Magento Commerce | =2.3.7-p4-ext1 | |
Adobe Magento Commerce | =2.3.7-p4-ext2 | |
Adobe Magento Commerce | =2.3.7-p4-ext3 | |
Adobe Magento Commerce | =2.3.7-p4-ext4 | |
Adobe Magento Commerce | =2.4.0 | |
Adobe Magento Commerce | =2.4.0-ext-1 | |
Adobe Magento Commerce | =2.4.0-ext-2 | |
Adobe Magento Commerce | =2.4.0-ext-3 | |
Adobe Magento Commerce | =2.4.0-ext-4 | |
Adobe Magento Commerce | =2.4.1 | |
Adobe Magento Commerce | =2.4.1-ext-1 | |
Adobe Magento Commerce | =2.4.1-ext-2 | |
Adobe Magento Commerce | =2.4.1-ext-3 | |
Adobe Magento Commerce | =2.4.1-ext-4 | |
Adobe Magento Commerce | =2.4.2 | |
Adobe Magento Commerce | =2.4.2-ext-1 | |
Adobe Magento Commerce | =2.4.2-ext-2 | |
Adobe Magento Commerce | =2.4.2-ext-3 | |
Adobe Magento Commerce | =2.4.2-ext-4 | |
Adobe Magento Commerce | =2.4.3 | |
Adobe Magento Commerce | =2.4.3-ext-1 | |
Adobe Magento Commerce | =2.4.3-ext-2 | |
Adobe Magento Commerce | =2.4.3-ext-3 | |
Adobe Magento Commerce | =2.4.3-ext-4 | |
Adobe Magento Commerce | =2.4.4 | |
Adobe Magento Commerce | =2.4.4-p1 | |
Adobe Magento Commerce | =2.4.4-p2 | |
Adobe Magento Commerce | =2.4.4-p3 | |
Adobe Magento Commerce | =2.4.4-p4 | |
Adobe Magento Commerce | =2.4.4-p5 | |
Adobe Magento Commerce | =2.4.5 | |
Adobe Magento Commerce | =2.4.5-p1 | |
Adobe Magento Commerce | =2.4.5-p2 | |
Adobe Magento Commerce | =2.4.5-p3 | |
Adobe Magento Commerce | =2.4.5-p4 | |
Adobe Magento Commerce | =2.4.5-p5 | |
Adobe Magento Commerce | =2.4.6 | |
Adobe Magento Commerce | =2.4.6-p1 | |
Adobe Magento Commerce | =2.4.6-p2 | |
Adobe Magento Commerce | =2.4.7-b1 | |
Magento | =2.4.4 | |
Magento | =2.4.4-p1 | |
Magento | =2.4.4-p2 | |
Magento | =2.4.4-p3 | |
Magento | =2.4.5 | |
Magento | =2.4.5-p1 | |
Magento | =2.4.5-p2 | |
Magento | =2.4.5-p3 | |
Magento | =2.4.5-p4 | |
Magento | =2.4.6 | |
Magento | =2.4.6-p1 | |
Magento | =2.4.6-p2 | |
Magento | =2.4.7-b1 | |
CVE-2023-38220 has been classified as a high severity vulnerability due to its potential to bypass security features and access unauthorized data.
To fix CVE-2023-38220, you should update your Adobe Commerce to version 2.4.7 or 2.4.6-p3 and later, or apply the latest security patches.
Affected versions include Adobe Commerce 2.4.7-beta1 and earlier, 2.4.6-p2 and earlier, 2.4.5-p4 and earlier, and 2.4.4-p5 and earlier.
Yes, CVE-2023-38220 can be exploited remotely by an attacker to gain access to unauthorized data.
The impact of CVE-2023-38220 includes data breaches and unauthorized access to sensitive information in affected Adobe Commerce installations.