CVSS Score
The vulnerability description explicitly mentions CSRF leading to role deletion. In Magento 2, admin (backend) controllers are normally protected against CSRF by a per-session form key, and optionally a secret key embedded in admin URLs, that must accompany every state-changing request; a request that carries only the victim's session cookie is rejected. If the role deletion controller skips that validation, an attacker who can get a logged-in administrator to load a page they control can have the browser submit a forged request to the delete endpoint, and the browser attaches the admin session cookie automatically. This fits the general pattern: a state-changing admin action without a CSRF token (or equivalent check) is exploitable by forged cross-site requests, and here the consequence is removal of an authorisation role.
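To make the mechanism concrete, the following is an added example (not Magento's code and not part of this advisory) that models an admin "delete role" handler once without and once with the per-session form-key check. The class and function names (`AdminApp`, `delete_role`, `simulate`), the `admin` cookie name, and the role table are all hypothetical, constructed for illustration.

```python
# Added example (not Magento's code): a minimal model of an admin "delete role"
# handler with and without the per-session form-key check.  Names such as
# AdminApp, delete_role and the "admin" cookie are hypothetical.
import hmac
import secrets
from dataclasses import dataclass, field


@dataclass
class Session:
    user: str
    # Per-session secret the legitimate admin UI embeds in its forms; a page on
    # another origin cannot read it because of the same-origin policy.
    form_key: str = field(default_factory=lambda: secrets.token_urlsafe(16))


@dataclass
class Request:
    cookies: dict  # the browser attaches these even to cross-site POSTs
    params: dict   # form fields / query string under the sender's control


class AdminApp:
    def __init__(self, require_form_key: bool):
        self.require_form_key = require_form_key
        self.sessions: dict[str, Session] = {}
        # Constructed sample data standing in for the admin role table.
        self.roles = {1: "Administrators", 2: "Catalog managers"}

    def login(self, user: str) -> str:
        sid = secrets.token_urlsafe(16)
        self.sessions[sid] = Session(user)
        return sid

    def form_key_for(self, sid: str) -> str:
        return self.sessions[sid].form_key

    def delete_role(self, req: Request) -> tuple:
        # Authentication: the session cookie identifies the admin.
        sess = self.sessions.get(req.cookies.get("admin", ""))
        if sess is None:
            return 401, "not logged in"
        # CSRF protection: the request must also carry the session's form key.
        if self.require_form_key:
            supplied = req.params.get("form_key", "")
            # Constant-time compare so the key cannot be recovered via timing.
            if not hmac.compare_digest(supplied.encode(), sess.form_key.encode()):
                return 403, "invalid form key"
        try:
            rid = int(req.params.get("rid", ""))
        except ValueError:
            return 400, "bad role id"
        if rid not in self.roles:
            return 404, "no such role"
        del self.roles[rid]
        return 200, f"role {rid} deleted"


def simulate(require_form_key: bool) -> dict:
    """Replay a CSRF attempt and a legitimate request against the handler.

    Returns the two status codes and the roles left afterwards."""
    app = AdminApp(require_form_key)
    sid = app.login("admin")

    # 1. Forged request: a page the admin visited submits a form to the delete
    #    endpoint.  The browser adds the session cookie, but the attacker does
    #    not know (and cannot read) the admin's form key.
    forged = Request(cookies={"admin": sid}, params={"rid": "1"})
    forged_status, _ = app.delete_role(forged)

    # 2. Legitimate request from the real admin UI, which includes the key.
    legit = Request(cookies={"admin": sid},
                    params={"rid": "2", "form_key": app.form_key_for(sid)})
    legit_status, _ = app.delete_role(legit)

    return {"forged": forged_status, "legit": legit_status,
            "roles_left": sorted(app.roles)}


if __name__ == "__main__":
    print("without form-key check:", simulate(False))
    print("with form-key check:   ", simulate(True))
```

Without the check the forged request succeeds and the Administrators role is gone; with it the same request is refused with 403 while the real admin UI, which knows the key, still works. The practical lesson for reviewing a fix like the one in the patched versions is that the check has to be enforced on every state-changing admin route, not just the ones that render a form; `SameSite` cookies and an `Origin` header check are worthwhile defence in depth but do not replace the token.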
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| magento/community-edition | composer | >= 2.1.0, < 2.1.18 | 2.1.18 |
| magento/community-edition | composer | >= 2.2.0, < 2.2.9 | 2.2.9 |
| magento/community-edition | composer | >= 2.3.0, < 2.3.2 | 2.3.2 |