CVE-2023-26051

Summary

Saleor is a headless, GraphQL commerce platform delivering personalized shopping experiences. Some internal Python exceptions are not handled properly and thus are returned in API as error messages. Some messages might contain sensitive information like user email address in staff-authenticated requests.

Affected Software

VendorProductVersion RangeStatus
saleorsaleor>= 2.0.0, < 3.1.48affected
saleorsaleor>= 3.11.0, < 3.11.12affected
saleorsaleor>= 3.10.0, < 3.10.14affected
saleorsaleor>= 3.9.0, < 3.9.27affected
saleorsaleor>= 3.8.0, < 3.8.30affected
saleorsaleor>= 3.7.0, < 3.7.59affected

Weaknesses

  • CWE-209: CWE-209: Generation of Error Message Containing Sensitive Information

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References