Description
A cross-site request forgery (CSRF) vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, and Magento 2.3 prior to 2.3.2. This can result in unintended deletion of user roles.
Remediation
References
Related Vulnerabilities
Atlassian Jira Missing Authorization Vulnerability (CVE-2019-15013)
WordPress Plugin Bad Behavior Multiple Cross-Site Scripting Vulnerabilities (2.2.4)
WordPress Plugin Banner Garden Multiple Cross-Site Scripting Vulnerabilities (0.1.3)
Joomla Incorrect Authorization Vulnerability (CVE-2020-11889)
Liferay Portal URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2023-35029)