CVE-2019-7874
MEDIUMMagento 2.1.0-2.1.17, 2.2.0-2.2.8, 2.3.0-2.3.1 - Cross-Site Request Forgery
Title source: llmDescription
A cross-site request forgery vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can result in unintended deletion of user roles.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13
Scores
CVSS v3
6.5
EPSS
0.0003
EPSS Percentile
9.6%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Details
CWE
CWE-352
Status
published
Products (2)
magento/community-edition
2.1.0 - 2.1.18Packagist
magento/magento
2.1.0 - 2.1.18
Published
Aug 02, 2019
Tracked Since
Feb 18, 2026