2019-02-12 17:31:37 -05:00
{
2019-08-02 22:00:51 +00:00
"data_type" : "CVE" ,
"data_format" : "MITRE" ,
"data_version" : "4.0" ,
2019-03-18 02:35:19 +00:00
"CVE_data_meta" : {
"ID" : "CVE-2019-7929" ,
2019-08-02 22:00:51 +00:00
"ASSIGNER" : "psirt@adobe.com" ,
"STATE" : "PUBLIC"
} ,
"affects" : {
"vendor" : {
"vendor_data" : [
{
"vendor_name" : "n/a" ,
"product" : {
"product_data" : [
{
"product_name" : "Magento 2" ,
"version" : {
"version_data" : [
{
"version_value" : "Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2"
}
]
}
}
]
}
}
]
}
} ,
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng" ,
"value" : "Information Leakage"
}
]
}
]
} ,
"references" : {
"reference_data" : [
{
"refsource" : "CONFIRM" ,
"name" : "https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-33" ,
"url" : "https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-33"
}
]
2019-03-18 02:35:19 +00:00
} ,
"description" : {
"description_data" : [
{
"lang" : "eng" ,
2019-08-02 22:00:51 +00:00
"value" : "An information leakage vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with administrator privileges may be able to view metadata of a trusted device used by another administrator via a crafted http request."
2019-03-18 02:35:19 +00:00
}
]
}
}
