CVE-2023-26051

{"id": "CVE-2023-26051", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}, {"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2023-03-02T19:15:10.667", "references": [{"url": "https://github.com/saleor/saleor/commit/31bce881ccccf0d79a9b14ecb6ca3138d1edeec1", "tags": ["Patch"], "source": "[email protected]"}, {"url": "https://github.com/saleor/saleor/releases/tag/3.1.48", "tags": ["Release Notes"], "source": "[email protected]"}, {"url": "https://github.com/saleor/saleor/releases/tag/3.10.14", "tags": ["Release Notes"], "source": "[email protected]"}, {"url": "https://github.com/saleor/saleor/releases/tag/3.11.12", "tags": ["Release Notes"], "source": "[email protected]"}, {"url": "https://github.com/saleor/saleor/releases/tag/3.7.59", "tags": ["Release Notes"], "source": "[email protected]"}, {"url": "https://github.com/saleor/saleor/releases/tag/3.8.30", "tags": ["Release Notes"], "source": "[email protected]"}, {"url": "https://github.com/saleor/saleor/releases/tag/3.9.27", "tags": ["Release Notes"], "source": "[email protected]"}, {"url": "https://github.com/saleor/saleor/security/advisories/GHSA-r8qr-wwg3-2r85", "tags": ["Vendor Advisory"], "source": "[email protected]"}, {"url": "https://github.com/saleor/saleor/commit/31bce881ccccf0d79a9b14ecb6ca3138d1edeec1", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/saleor/saleor/releases/tag/3.1.48", "tags": ["Release Notes"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/saleor/saleor/releases/tag/3.10.14", "tags": ["Release Notes"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/saleor/saleor/releases/tag/3.11.12", "tags": ["Release Notes"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/saleor/saleor/releases/tag/3.7.59", "tags": ["Release Notes"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/saleor/saleor/releases/tag/3.8.30", "tags": ["Release Notes"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/saleor/saleor/releases/tag/3.9.27", "tags": ["Release Notes"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/saleor/saleor/security/advisories/GHSA-r8qr-wwg3-2r85", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-209"}]}, {"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-209"}]}], "descriptions": [{"lang": "en", "value": "Saleor is a headless, GraphQL commerce platform delivering personalized shopping experiences. Some internal Python exceptions are not handled properly and thus are returned in API as error messages. Some messages might contain sensitive information like user email address in staff-authenticated requests.\n"}], "lastModified": "2024-11-21T07:50:39.790", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:saleor:saleor:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "32910EFF-045F-4F93-BBD2-8D370D8DC6EB", "versionEndExcluding": "3.1.48", "versionStartIncluding": "2.0.0"}, {"criteria": "cpe:2.3:a:saleor:saleor:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "087E100F-63DE-4F84-9410-77BB517D14E3", "versionEndExcluding": "3.7.59", "versionStartIncluding": "3.2.0"}, {"criteria": "cpe:2.3:a:saleor:saleor:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FE021955-5B68-4626-8C74-534A3C0BFA62", "versionEndExcluding": "3.8.30", "versionStartIncluding": "3.8.0"}, {"criteria": "cpe:2.3:a:saleor:saleor:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B87F6451-DB7D-47E2-9265-86EFF197727B", "versionEndExcluding": "3.9.27", "versionStartIncluding": "3.9.0"}, {"criteria": "cpe:2.3:a:saleor:saleor:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "10A27FA1-6BA8-4678-A27E-16BFDD241DCB", "versionEndExcluding": "3.10.14", "versionStartIncluding": "3.10.0"}, {"criteria": "cpe:2.3:a:saleor:saleor:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A86A9221-83AB-4977-81AD-83364AF05B9C", "versionEndExcluding": "3.11.12", "versionStartIncluding": "3.11.0"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}