Description

A cross-site request forgery vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can result in unintended deletion of user roles.

Remediation

References

CVE-2019-7874

Related Vulnerabilities

WordPress Plugin Woocommerce Products Price Bulk Edit Cross-Site Scripting (2.2.0)

MyBB Permissions, Privileges, and Access Controls Vulnerability (CVE-2010-4629)

WordPress Plugin BuddyPress Unspecified Vulnerability (2.6.0)

WordPress Plugin WordPress Mobile Pack Information Disclosure (2.1.2)

WordPress Plugin GN Publisher: Google News Compatible RSS Feeds Cross-Site Scripting (1.5.5)

Severity

Medium

Classification

CVE-2019-7874 CWE-352 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Tags

Missing Update Known Vulnerabilities