Information Disclosure Vulnerability in Magento 2.x: Privileged User Email Template Data Leak

CVE-2019-7888 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:N/A:N

An information disclosure vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with privileges to create email templates could leak sensitive data via a malicious email template.

Learn more about our User Device Pen Test.