CVE-2024-34106
Magento Open Source Incorrect Authorization vulnerability
5.3
MEDIUM
CVSS 3.1
EPSS 0.65%
Description
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. An attacker could exploit this vulnerability to gain unauthorized access or perform actions with the privileges of another user. Exploitation of this issue does not require user interaction.
How to fix CVE-2024-34106
To remediate CVE-2024-34106, upgrade the affected package to a fixed version below.
- —upgrade to 2.4.7-p1 or later
- —no fix listed
Is CVE-2024-34106 being exploited?
Low — EPSS is 0.7%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- >= 2.4.7-alpha0, < 2.4.7-p1, >= 2.4.6-alpha0, < 2.4.6-p6, >= 2.4.5-alpha0, < 2.4.5-p8, >= 2.4.4-alpha0, < 2.4.4-p9
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N |
| osv | CVSS 3.1 | MEDIUM5.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |