
GHSA-hvgw-gg3p-295j: Read private customer data reclaiming carts in Klaviyo Magento

CVSS Score: N/A

Basic Information

CVE ID: -
EPSS Score: -
Published: 5/15/2024
Updated: 5/15/2024
KEV Status: No
Technology: PHP

Technical Details

CVSS Vector: -

Package Name                 Ecosystem   Vulnerable Versions   First Patched Version
klaviyo/magento2-extension   composer    >= 1.0.0, < 3.0.0     3.0.0

Vulnerability Intelligence

Miggo AI Root Cause Analysis

The vulnerability stems from improper handling of guest cart identifiers. The key evidence comes from the patch in PR #107, which modifies CartSearchRepository.php to return masked quote IDs instead of raw IDs. The original afterGetList implementation likely exposed raw quote IDs through the Magento API, allowing attackers to hijack guest carts by enumerating these IDs. The researcher's PoC script specifically targets quote IDs to reclaim carts, which is consistent with this exposure. The CWE-200 classification confirms this is an information exposure issue.


Advisory Description

A researcher identified an endpoint in a third party module, Klaviyo Magento 2, which allows reading private customer data from stores. It works by reclaiming any guest cart as your own and reading the private data for the orders in the Magento API.
