Description
An insufficient logging and monitoring vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. Failure to track admin actions related to design configuration could lead to repudiation attacks.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update
Scores
CVSS v3
4.9
EPSS
0.0020
EPSS Percentile
41.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
Details
Status
published
Products (3)
magento/community-edition
2.1.0 - 2.1.19Packagist
magento/magento
2.3.2 (2 CPE variants)
magento/magento
2.1.0 - 2.1.19 (2 CPE variants)
Published
Nov 05, 2019
Tracked Since
Feb 18, 2026