CVE-2019-7904: Magento 2 Community Edition Insufficient Access Controls

May 24, 2022 (updated August 1, 2023)

Insufficient enforcement of user access controls in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 could enable a low-privileged user to make unauthorized environment configuration changes.

References

github.com/advisories/GHSA-5hcx-vg88-hgpm
nvd.nist.gov/vuln/detail/CVE-2019-7904
web.archive.org/web/20211206084839/https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13

Detect and mitigate CVE-2019-7904 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →