-
CVSS Score
-Basic Information
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AI| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| magento/community-edition | composer | >= 2.1.0, < 2.1.18 | 2.1.18 |
| magento/community-edition | composer | >= 2.2.0, < 2.2.9 | 2.2.9 |
| magento/community-edition | composer | >= 2.3.0, < 2.3.2 | 2.3.2 |
Miggo AIRoot Cause AnalysisThe vulnerability stems from improper access control in SOAP endpoints handling customer data. CustomerRepositoryInterface::getById is a core method for customer data retrieval, and improper authorization here would directly enable ID-based enumeration. The Validate controller's execute() method handles customer validation requests, and missing ACL checks would allow unauthorized access. Both align with the CWE-200 pattern of exposing sensitive data through insufficient access controls in API endpoints.
Ongoing coverage of React2Shell