Main Vulnerability Database Vulnerabilities #VU30885

#VU30885 Path traversal in Magento Open Source - CVE-2019-7859

Published: August 3, 2019 / Updated: July 17, 2020

Vulnerability identifier: #VU30885

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2019-7859

CWE-ID: CWE-22

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Magento Open Source

Software vendor:
Adobe

Description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

A path traversal vulnerability in the WYSIWYG editor for Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 could result in unauthorized access to uploaded images due to insufficient access control.

Remediation

Install update from vendor's website.

External links

https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23
https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-24

#VU30885 Path traversal in Magento Open Source - CVE-2019-7859

Description

Remediation

External links

Please verify you're human