
CVE-2024-39408: Magento Open Source Cross-Site Request Forgery vulnerability

CVSS Score: 4.3 (CVSS v3.1)

Basic Information

EPSS Score: 0.33288%
Published: 2024-08-14
Updated: 2024-09-16
KEV Status: No
Technology: PHP

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Package Name               Ecosystem  Vulnerable Versions        First Patched Version
magento/community-edition  composer   >= 2.4.7-p1, < 2.4.7-p2    2.4.7-p2
magento/community-edition  composer   = 2.4.7
magento/community-edition  composer   >= 2.4.6-p1, < 2.4.6-p7    2.4.6-p7
magento/community-edition  composer   = 2.4.6
magento/community-edition  composer   >= 2.4.5-p1, < 2.4.5-p9    2.4.5-p9
magento/community-edition  composer   = 2.4.5
magento/community-edition  composer   < 2.4.4-p10                2.4.4-p10
magento/community-edition  composer   = 2.4.4

Vulnerability Intelligence

Miggo AI: Root Cause Analysis

The vulnerability pattern points to missing CSRF protection on a state-changing endpoint. Exact patch details are not available, so the analysis focuses on: 1) the user-interaction points described in the advisory; 2) Magento's usual CSRF protection pattern, in which a POST-only controller action validates the session form_key (either through the framework's default request validator or explicitly via CsrfAwareActionInterface), while a state change reachable by GET receives no form_key check at all; 3) controller actions that perform minor data modifications, matching the advisory's "unauthorised actions" wording; 4) historical CSRF issues in customer-facing endpoints. Confidence is medium: the evidence is indirect, but it correlates strongly with Magento's past CSRF weaknesses.
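The pattern described above, as an added PHP example that is not Magento's or Miggo's code and does not reproduce the actual CVE-2024-39408 fix: a hypothetical customer-facing controller in its vulnerable shape (state change reachable by GET, no form_key check) next to a hardened shape (POST-only, CsrfAwareActionInterface with form_key validation). The namespace, route, class names and PreferenceWriterInterface are assumptions; the Magento framework classes it imports are real.

```php
<?php
declare(strict_types=1);

// Constructed example, not Magento's or Miggo's code. The route, the class names
// and PreferenceWriterInterface are hypothetical; the Magento framework classes
// imported below are real.

namespace Vendor\Example\Controller\Account;

use Magento\Customer\Model\Session as CustomerSession;
use Magento\Framework\App\Action\HttpGetActionInterface;
use Magento\Framework\App\Action\HttpPostActionInterface;
use Magento\Framework\App\CsrfAwareActionInterface;
use Magento\Framework\App\Request\InvalidRequestException;
use Magento\Framework\App\RequestInterface;
use Magento\Framework\Controller\ResultFactory;
use Magento\Framework\Controller\ResultInterface;
use Magento\Framework\Data\Form\FormKey\Validator as FormKeyValidator;
use Magento\Framework\Message\ManagerInterface;
use Magento\Framework\Phrase;
use Vendor\Example\Model\PreferenceWriterInterface; // hypothetical service that persists the change

/**
 * VULNERABLE SHAPE. A state change reachable by GET with no form_key check.
 * Magento's default request validator only checks form_key on POST, so
 *   <img src="https://shop.example/example/account/updateNewsletterUnsafe/optin/0">
 * on an attacker-controlled page silently flips the preference of any logged-in
 * customer who loads it: the "minor unauthorised action" class from the advisory.
 */
class UpdateNewsletterUnsafe implements HttpGetActionInterface
{
    public function __construct(
        private readonly RequestInterface $request,
        private readonly CustomerSession $customerSession,
        private readonly PreferenceWriterInterface $preferences,
        private readonly ResultFactory $resultFactory
    ) {
    }

    public function execute(): ResultInterface
    {
        $optIn = (bool) $this->request->getParam('optin'); // attacker-controlled via the URL
        $this->preferences->setNewsletterOptIn((int) $this->customerSession->getCustomerId(), $optIn);
        return $this->resultFactory->create(ResultFactory::TYPE_REDIRECT)->setPath('customer/account');
    }
}

/**
 * HARDENED SHAPE. POST-only, and CsrfAwareActionInterface makes the CSRF check
 * explicit: the framework calls validateForCsrf() before execute() and, on
 * failure, sends the replacement result built in createCsrfValidationException().
 */
class UpdateNewsletter implements HttpPostActionInterface, CsrfAwareActionInterface
{
    public function __construct(
        private readonly RequestInterface $request,
        private readonly CustomerSession $customerSession,
        private readonly PreferenceWriterInterface $preferences,
        private readonly ResultFactory $resultFactory,
        private readonly FormKeyValidator $formKeyValidator,
        private readonly ManagerInterface $messageManager
    ) {
    }

    public function createCsrfValidationException(RequestInterface $request): ?InvalidRequestException
    {
        $redirect = $this->resultFactory->create(ResultFactory::TYPE_REDIRECT)->setPath('customer/account');
        return new InvalidRequestException($redirect, [new Phrase('Invalid form key. Please refresh the page.')]);
    }

    public function validateForCsrf(RequestInterface $request): ?bool
    {
        // Compares the submitted form_key with the one stored in the session.
        // Returning null would fall back to the framework default; a bool is explicit.
        return $this->formKeyValidator->validate($request);
    }

    public function execute(): ResultInterface
    {
        // Authorization is separate from CSRF: an anonymous POST with a valid form_key still must not write.
        if (!$this->customerSession->isLoggedIn()) {
            return $this->resultFactory->create(ResultFactory::TYPE_REDIRECT)->setPath('customer/account/login');
        }
        $optIn = (bool) $this->request->getParam('optin');
        $this->preferences->setNewsletterOptIn((int) $this->customerSession->getCustomerId(), $optIn);
        $this->messageManager->addSuccessMessage(__('Newsletter preference updated.'));
        return $this->resultFactory->create(ResultFactory::TYPE_REDIRECT)->setPath('customer/account');
    }
}
```

The hardened controller only works if the submitting form actually carries the token, which in a Magento template is emitted with `$block->getBlockHtml('formkey')`. When auditing a site for this bug class, the fast check is to list frontend actions that implement HttpGetActionInterface (or plain ActionInterface with no method restriction) and also write to the database; any such action is a CSRF candidate regardless of what the form template looks like.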


WAF Protection Rules

WAF Rule

Magento Open Source versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could allow an attacker to bypass security features and perform minor unauthorised actions on behalf
