CVE-2019-8123
MEDIUM 5.3
EPSS 0.09%
Magento 2 Community Edition Insufficient Logging
Published: 2022/5/24
Modified: 2024/2/16
Description
An insufficient logging and monitoring vulnerability exists in Magento 1 prior to 1.9.4.3 and 1.14.4.3, Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. The logging feature required for effective monitoring did not contain sufficient data to effectively track configuration changes. As per [the Magento Release 2.3.3](https://web.archive.org/web/20201126132230/https://devdocs.magento.com/guides/v2.3/release-notes/release-notes-2-3-3-commerce.html#new-security-only-patch-available), if you have already implemented the pre-release version of this patch (2.3.2-p1), it is highly recommended to promptly upgrade to 2.3.2-p2.
Affected packages (1)
- Packagist/magento/community-edition: >= 2.1.0, < 2.1.19
CVSS score
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 5.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
References (7)
- ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2019-8123
- PATCH: https://github.com/magento/magento2
- WEB: https://github.com/FriendsOfPHP/security-advisories/blob/master/magento/magento1ce/CVE-2019-8123.yaml
- WEB: https://github.com/FriendsOfPHP/security-advisories/blob/master/magento/magento1ee/CVE-2019-8123.yaml
- WEB: https://github.com/FriendsOfPHP/security-advisories/blob/master/magento/product-community-edition/CVE-2019-8123.yaml
- WEB: https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update
- WEB: https://web.archive.org/web/20211209030216/https://magento.com/security/patches/supee-11219