Unintended User Role Deletion Vulnerability in Magento 2.x

Unintended User Role Deletion Vulnerability in Magento 2.x

CVE-2019-7874 · MEDIUM Severity

AV:N/AC:M/AU:N/C:N/I:P/A:N

A cross-site request forgery vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can result in unintended deletion of user roles.

Learn more about our User Device Pen Test.