| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| magento/community-edition | composer | >= 2.1, < 2.1.18 | 2.1.18 |
| magento/community-edition | composer | >= 2.2, < 2.2.9 | 2.2.9 |
| magento/community-edition | composer | >= 2.3, < 2.3.2 | 2.3.2 |
The vulnerability stems from insufficient authorization checks when modifying company user associations. Magento's company management is implemented in controllers under the Company module's Adminhtml area. The Save action of the user management controller is the logical point where an authorization-context check (validating the current admin's access to the target company) would be missing, allowing an admin to modify user associations for companies they are not authorized to manage. No direct code diff is available, but this pattern matches Magento's controller architecture and the described attack vector.
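As an added illustration (not Magento's own code, and not the unavailable fix diff), the hypothetical Adminhtml Save controller below shows the check the analysis points to: beyond the ACL resource gate that Magento applies through `_isAllowed()`, it verifies that the company named in the request is within the current admin's permitted scope before reassigning a customer to it. The `Vendor\CompanyAcl` namespace, the ACL resource string, and the `CompanyScopeResolver`/`CompanyUserAssigner` services are assumptions for this example; the base class, `ADMIN_RESOURCE`, `getRequest()`, `messageManager`, `resultFactory` and `_auth` are real Magento framework members.

```php
<?php
// Hypothetical illustration, not Magento's code: an Adminhtml "Save" action
// that reassigns a customer to a company. Only the Magento\Backend\App\Action
// base class, ADMIN_RESOURCE/_isAllowed(), getRequest(), messageManager,
// resultFactory and _auth are real Magento APIs; CompanyScopeResolver and
// CompanyUserAssigner are assumed helper services for this example.
namespace Vendor\CompanyAcl\Controller\Adminhtml\User;

use Magento\Backend\App\Action;
use Magento\Backend\App\Action\Context;
use Magento\Framework\Controller\ResultFactory;

class Save extends Action
{
    // ACL resource gate: enforced by the framework via _isAllowed() before
    // execute() runs. It grants the *action*, not access to a specific company.
    const ADMIN_RESOURCE = 'Vendor_CompanyAcl::user_save';

    private $scopeResolver; // assumed: lists companies this admin may manage
    private $assigner;      // assumed: performs the customer -> company update

    public function __construct(Context $context, $scopeResolver, $assigner)
    {
        parent::__construct($context);
        $this->scopeResolver = $scopeResolver;
        $this->assigner = $assigner;
    }

    public function execute()
    {
        $companyId  = (int) $this->getRequest()->getParam('company_id');
        $customerId = (int) $this->getRequest()->getParam('customer_id');
        $redirect   = $this->resultFactory->create(ResultFactory::TYPE_REDIRECT);

        // Object-level check the advisory describes as missing: the request
        // names a company, so confirm the logged-in admin may manage *that*
        // company rather than relying on the action-level ACL alone.
        $allowed = $this->scopeResolver->allowedCompanyIds($this->_auth->getUser());
        if (!in_array($companyId, $allowed, true)) {
            $this->messageManager->addErrorMessage(__('You are not authorized to manage this company.'));
            return $redirect->setPath('*/*/');
        }

        $this->assigner->assign($customerId, $companyId);
        $this->messageManager->addSuccessMessage(__('Company user saved.'));
        return $redirect->setPath('*/*/');
    }
}
```

The same object-level check belongs on every action that accepts a `company_id` from the request (edit, delete, mass actions), since the ACL resource alone cannot distinguish one company from another.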