Description

An information leakage vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with administrator privileges may be able to view metadata of a trusted device used by another administrator via a crafted http request.

Remediation

References

CVE-2019-7929

Related Vulnerabilities

Moodle Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-43558)

MySQL CVE-2012-0492 Vulnerability (CVE-2012-0492)

jQuery UI Dialog Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-41183)

ownCloud Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-6403)

WordPress Plugin Yoast SEO Cross-Site Scripting (22.5)

Severity

Medium

Classification

CVE-2019-7929 CWE-200 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities