CVE-2019-7951: Magento 2 Community Edition Information Leak

May 24, 2022 (updated July 14, 2023)

An information leakage vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. A SOAP web service endpoint does not properly enforce parameters related to access control. This could be abused to leak customer information via crafted SOAP requests.

References

github.com/advisories/GHSA-5j25-5hjr-w7m2
nvd.nist.gov/vuln/detail/CVE-2019-7951
web.archive.org/web/20211206084839/https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13

Detect and mitigate CVE-2019-7951 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →