CVE-2023-43664: Improper Privilege Management

September 28, 2023

PrestaShop is an Open Source e-commerce web application. In the Prestashop Back office interface, an employee can list all modules without any access rights: method ajaxProcessGetPossibleHookingListForModule does not check access rights. This issue has been addressed in commit 15bd281c which is included in version 8.1.2. Users are advised to upgrade. There are no known workaround for this issue.

References

github.com/PrestaShop/PrestaShop/commit/15bd281c18f032a5134a8d213b44d24829d45762
github.com/PrestaShop/PrestaShop/security/advisories/GHSA-gvrg-62jp-rf7j
github.com/advisories/GHSA-gvrg-62jp-rf7j

Code Behaviors & Features

Detect and mitigate CVE-2023-43664 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →