CVE-2023-26051
6.5
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
Saleor is a headless, GraphQL commerce platform delivering personalized shopping experiences. Some internal Python exceptions are not handled properly and thus are returned in API as error messages. Some messages might contain sensitive information like user email address in staff-authenticated requests.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| saleor | saleor | >= 2.0.0, < 3.1.48 | affected |
| saleor | saleor | >= 3.11.0, < 3.11.12 | affected |
| saleor | saleor | >= 3.10.0, < 3.10.14 | affected |
| saleor | saleor | >= 3.9.0, < 3.9.27 | affected |
| saleor | saleor | >= 3.8.0, < 3.8.30 | affected |
| saleor | saleor | >= 3.7.0, < 3.7.59 | affected |
Weaknesses
- CWE-209: CWE-209: Generation of Error Message Containing Sensitive Information
ADP Enrichment
CVE Program Container
Additional References
- https://github.com/saleor/saleor/security/advisories/GHSA-r8qr-wwg3-2r85
- https://github.com/saleor/saleor/commit/31bce881ccccf0d79a9b14ecb6ca3138d1edeec1
- https://github.com/saleor/saleor/releases/tag/3.1.48
- https://github.com/saleor/saleor/releases/tag/3.10.14
- https://github.com/saleor/saleor/releases/tag/3.11.12
- https://github.com/saleor/saleor/releases/tag/3.7.59
- https://github.com/saleor/saleor/releases/tag/3.8.30
- https://github.com/saleor/saleor/releases/tag/3.9.27
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://github.com/saleor/saleor/security/advisories/GHSA-r8qr-wwg3-2r85
- https://github.com/saleor/saleor/commit/31bce881ccccf0d79a9b14ecb6ca3138d1edeec1
- https://github.com/saleor/saleor/releases/tag/3.1.48
- https://github.com/saleor/saleor/releases/tag/3.10.14
- https://github.com/saleor/saleor/releases/tag/3.11.12
- https://github.com/saleor/saleor/releases/tag/3.7.59
- https://github.com/saleor/saleor/releases/tag/3.8.30
- https://github.com/saleor/saleor/releases/tag/3.9.27
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.