- Description
- Saleor is an e-commerce platform. From 2.10.0 to before 3.23.0a3, 3.22.47, 3.21.54, and 3.20.118, the requestEmailChange() mutation revealed in its error messages whether a user-provided email address exists. This vulnerability is fixed in 3.23.0a3, 3.22.47, 3.21.54, and 3.20.118.
- Source
- security-advisories@github.com
- NVD status
- Analyzed
- Products
- saleor
CVSS 4.0
- Type
- Secondary
- Base score
- 5.3
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- MEDIUM
CVSS 3.1
- Type
- Primary
- Base score
- 4.3
- Impact score
- 1.4
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
- Severity
- MEDIUM
- security-advisories@github.com
- CWE-204
[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:saleor:saleor:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "276853A9-A9F2-46A0-8B3F-1C4706BD134C",
            "versionEndExcluding": "3.20.118",
            "versionStartIncluding": "2.10.0",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:saleor:saleor:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "2312AF3F-A049-4E4B-AAEF-21D7B5463A3A",
            "versionEndExcluding": "3.21.54",
            "versionStartIncluding": "3.21.0",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:saleor:saleor:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "ABB6E342-967D-4F4D-9869-BC24C630ACEF",
            "versionEndExcluding": "3.22.47",
            "versionStartIncluding": "3.22.0",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:saleor:saleor:3.23.0:alpha0:*:*:*:*:*:*",
            "matchCriteriaId": "086CBDFF-B1C4-4AD4-9F39-00B028E29338",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:saleor:saleor:3.23.0:alpha1:*:*:*:*:*:*",
            "matchCriteriaId": "404B7EE8-9CE0-4B8D-B0B7-2DF60F355E72",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:saleor:saleor:3.23.0:alpha2:*:*:*:*:*:*",
            "matchCriteriaId": "6DD7D745-F558-4CBE-9110-2F7DCBCF4D2F",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]