Description

An arbitrary file deletion vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. An authenticated users can manipulate the design layout update feature.

Remediation

References

CVE-2019-8090

Related Vulnerabilities

Django Improper Input Validation Vulnerability (CVE-2019-3498)

WordPress Plugin Live Forms-Visual Form Builder SQL Injection (3.0.1)

OpenSSL Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2019-1551)

WordPress Plugin Woocommerce User Email Verification Security Bypass (3.3.0)

Jenkins Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') Vulnerability (CVE-2017-1000503)

Severity

Medium

Classification

CVE-2019-8090 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update Known Vulnerabilities