Missing Support for Integrity Check

CVE-2023-29290

Medium

5.3/10

Summary

Adobe Commerce and Magento Open Source versions through 2.4.4-p3, 2.4.5 through 2.4.5-p2, and 2.4.6 are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. An attacker could leverage this vulnerability to bypass a minor functionality. The exploitation of this issue does not require user interaction.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: LOW
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: NONE
Availability Impact: NONE

CWE-353 - Missing Support for Integrity Check

The software uses a transmission protocol that does not include a mechanism for verifying the integrity of the data during transmission, such as a checksum.

References

Advisory
Advisory

Advisory Timeline

Published Jun 15, 2023

Missing Support for Integrity Check

CVE-2023-29290

Summary

CWE-353 - Missing Support for Integrity Check

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS