Authenticated User Metadata Leakage Vulnerability in Magento 2.x

Authenticated User Metadata Leakage Vulnerability in Magento 2.x

CVE-2019-7929 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:N/A:N

An information leakage vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with administrator privileges may be able to view metadata of a trusted device used by another administrator via a crafted http request.

Learn more about our User Device Pen Test.