Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Magento Authorization Bypass Through User-Controlled Key Vulnerability - CVE-2019-8235 - Vulnerability Database
Magento

Magento Authorization Bypass Through User-Controlled Key Vulnerability - CVE-2019-8235

Medium
Reference: CVE-2019-8235
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2019-8235
Title: Magento Authorization Bypass Through User-Controlled Key Vulnerability
Overview:

An insecure direct object reference (IDOR) vulnerability exists in Magento 2.3 prior to 2.3.1 2.2 prior to 2.2.8 and 2.1 prior to 2.1.17 versions. An authenticated user may be able to view personally identifiable shipping details of another user due to insufficient validation of user controlled input.