Violation of Secure Design Principles

CVE-2021-28583

Medium

4.2/10

Summary

Magento versions through 2.3.6-p1, 2.4.0 through 2.4.2 are affected by a Violation of Secure Design Principles vulnerability in RMA PDF filename formats. Successful exploitation could allow an attacker to get unauthorized access to restricted resources.

Attack Complexity: LOW
Attack Vector: LOCAL
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: REQUIRED
Privileges Required: HIGH
Confidentiality Impact: HIGH
Availability Impact: NONE

CWE-657 - Violation of Secure Design Principles

The product violates well-established principles for secure design.

References

Advisory
Advisory

Advisory Timeline

Published Jun 28, 2021

Violation of Secure Design Principles

CVE-2021-28583

Summary

CWE-657 - Violation of Secure Design Principles

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS