Description

An arbitrary file deletion vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. An authenticated users can manipulate the design layout update feature.

Remediation

References

CVE-2019-8090

Related Vulnerabilities

Atlassian Jira Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2020-14174)

Jboss EAP Uncontrolled Resource Consumption Vulnerability (CVE-2021-3629)

WordPress Plugin Htaccess by BestWebSoft Cross-Site Scripting (1.4)

Apache Traffic Server Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') Vulnerability (CVE-2021-43082)

Joomla! Core 2.5.x Information Disclosure (2.5.0 - 2.5.4)

Severity

Medium

Classification

CVE-2019-8090 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Tags

Missing Update Known Vulnerabilities