-
CVSS Score
-Basic Information
CVE ID
-
GHSA ID
-
EPSS Score
-
CWE
-
Published
-
Updated
-
KEV Status
-
Technology
-
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AI
PHPPHPMiggo AIRoot Cause AnalysisThe vulnerability involves improper access control leading to privilege escalation. Magento's RBAC system relies on controller-level ACL checks and model-level permission validation(). Common failure points include missing @Acl annotations in controllers, insufficient validation() in user/role persistence logic, or flawed authorization service implementations. The listed functions are speculative but align with historical Magento access control flaws (e.g., CVE-2022-24086). Confidence is medium due to the absence of patch details, but the patterns match the described CWE-284 behavior.
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| magento/community-edition | composer | >= 2.4.7-beta1, < 2.4.7-p3 | 2.4.7-p3 |
| magento/community-edition | composer | >= 2.4.6-p1, < 2.4.6-p8 | 2.4.6-p8 |
| magento/community-edition | composer | >= 2.4.5-p1, < 2.4.5-p10 | 2.4.5-p10 |
| magento/community-edition | composer | < 2.4.4-p11 | 2.4.4-p11 |
| magento/community-edition | composer | = 2.4.7 | |
| magento/community-edition | composer | = 2.4.6 | |
| magento/community-edition | composer | = 2.4.5 | |
| magento/community-edition | composer | = 2.4.4 |
Ongoing coverage of React2Shell