User Access Control Vulnerability in Magento 2.1, 2.2, and 2.3

CVE-2019-7904 · MEDIUM Severity

AV:N/AC:L/AU:S/C:N/I:P/A:P

Insufficient enforcement of user access controls in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 could enable a low-privileged user to make unauthorized environment configuration changes.

Learn more about our User Device Pen Test.