CVE Vulnerabilities

CVE-2019-7888

Published: Aug 02, 2019 | Modified: Jul 21, 2021
CVSS 3.x
6.5
MEDIUM
Source:
NVD
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVSS 2.x
4 MEDIUM
AV:N/AC:L/Au:S/C:P/I:N/A:N
RedHat/V2
RedHat/V3
Ubuntu

An information disclosure vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with privileges to create email templates could leak sensitive data via a malicious email template.

Affected Software

Name Vendor Start Version End Version
Magento Magento 2.1.0 (including) 2.1.18 (excluding)
Magento Magento 2.2.0 (including) 2.2.9 (excluding)
Magento Magento 2.3.0 (including) 2.3.2 (excluding)

References