CVE-2019-8235

An insecure direct object reference (IDOR) vulnerability exists in Magento 2.3 prior to 2.3.1, 2.2 prior to 2.2.8, and 2.1 prior to 2.1.17 versions. An authenticated user may be able to view personally identifiable shipping details of another user due to insufficient validation of user controlled input.

An insecure direct object reference (IDOR) vulnerability exists in Magento 2.3 prior to 2.3.1, 2.2 prior to 2.2.8, and 2.1 prior to 2.1.17 versions. An authenticated user may be able to view personally identifiable shipping details of another user due to insufficient validation of user controlled input.

Existe una vulnerabilidad de referencia directa a objeto (IDOR) no segura en Magento versiones 2.3 anteriores a 2.3.1, versiones 2.2 anteriores a 2.2.8 y versiones 2.1 anteriores a 2.1.17. Un usuario autenticado puede visualizar los detalles de envío identificables personalmente de otro usuario debido a una comprobación insuficiente de una entrada controlada por el usuario.