CVE-2019-8155

Summary

Magento prior to 1.9.4.3 and prior to 1.14.4.3 included a user's CSRF token in the URL of a GET request. This could be exploited by an attacker with access to network traffic to perform unauthorized actions.

Affected Software

VendorProductVersion RangeStatus
Adobe Systems IncorporatedMagento 1Magento Open Source prior to 1.9.4.3affected
Adobe Systems IncorporatedMagento 1Magento Commerce prior to 1.14.4.3affected

Weaknesses

  • Information leakage

ADP Enrichment

CVE Program Container

Additional References

References