SUPEE-10888

SUPEE-10888, the Magento patch released on September 18, 2018, contains multiple security enhancements that help close cross-site scripting (XSS), cross-site request forgery (CSRF) and several other vulnerabilities.

APPSEC-2061: Authenticated Unauthorised Data Access Via Layout Injection
Type: XML injection
CVSSv3 Severity: 6.9
Known Attacks: None
Description: An administrator with limited permissions might be able to obtain information outside of those permissions.
Product(s) Affected: Magento Open Source prior to 1.9.3.10, and Magento Commerce prior to 1.14.3.10.
Fixed In: Magento Open Source 1.9.3.10, Magento Commerce 1.14.3.10, SUPEE-10888
Reporter:

APPSEC-1971: Reflective XSS against Admin Panel
Type: General: Cross Site Scripting (reflective)
CVSSv3 Severity: 6.1
Known Attacks: None
Description: Arbitrary JS can be triggered on the sales order grid page by manipulating one of the URL parameters.
Product(s) Affected: Magento Open Source prior to 1.9.3.10, and Magento Commerce prior to 1.14.3.10.
Fixed In: Magento Open Source 1.9.3.10, Magento Commerce 1.14.3.10, SUPEE-10888
Reporter: pocallaghan

APPSEC-2067: Admin to Admin XSS in configurable custom attribute label
Type: General: Cross Site Scripting (stored)
CVSSv3 Severity: 5.9
Known Attacks: None
Description: An administrator with limited permissions might be able to mount an XSS attack against another administrator.
Product(s) Affected: Magento Open Source prior to 1.9.3.10, and Magento Commerce prior to 1.14.3.10.
Fixed In: Magento Open Source 1.9.3.10, Magento Commerce 1.14.3.10, SUPEE-10888
Reporter: convenient

APPSEC-2066: Admin to Admin XSS in Catalog Attribute Media Label
Type: General: Cross Site Scripting (stored)
CVSSv3 Severity: 5.9
Known Attacks: None
Description: An administrator with limited permissions might be able to mount an XSS attack against another administrator.
Product(s) Affected: Magento Open Source prior to 1.9.3.10, and Magento Commerce prior to 1.14.3.10.
Fixed In: Magento Open Source 1.9.3.10, Magento Commerce 1.14.3.10, SUPEE-10888
Reporter: convenient

APPSEC-2060: Overwrite all Reviews
Type: Privilege Escalation & Enumeration: Information Exposure
CVSSv3 Severity: 5.9
Known Attacks: None
Description: In specific configurations, it might be possible to overwrite reviews.
Product(s) Affected: Magento Open Source prior to 1.9.3.10, and Magento Commerce prior to 1.14.3.10.
Fixed In: Magento Open Source 1.9.3.10, Magento Commerce 1.14.3.10, SUPEE-10888
Reporter: pocallaghan

APPSEC-1859: Reset password URL includes the customer ID
Type: Privilege Escalation & Enumeration
CVSSv3 Severity: N/A
Known Attacks: None
Description: The reset password link for a customer account includes the customer ID. An attacker can use the customer ID to gain access to the customer account, despite the use of a token.
Product(s) Affected: Magento Open Source prior to 1.9.3.10, and Magento Commerce prior to 1.14.3.10, Magento 2.1 prior to 2.1.15, Magento 2.2 prior to 2.2.6
Fixed In: Magento Open Source 1.9.3.10, Magento Commerce 1.14.3.10, SUPEE-10888, Magento 2.1.15, Magento 2.2.6
Reporter: Internal

APPSEC-1730: Downloader does not force the use of HTTPS
Type: Improvement
CVSSv3 Severity: N/A
Known Attacks: None
Description: The Downloader now uses HTTPS connections only.
Product(s) Affected: Magento Open Source prior to 1.9.3.10, and Magento Commerce prior to 1.14.3.10.
Fixed In: Magento Open Source 1.9.3.10, Magento Commerce 1.14.3.10, SUPEE-10888
Reporter: Internal

APPSEC-1936: Customer password recoverable from the database
Type: Privilege Escalation & Enumeration: Information Exposure
CVSSv3 Severity: N/A
Known Attacks: None
Description: A Magento customer password is recoverable from the `sales_flat_quote` database table. A malicious user can use a brute-force attack to recover the `global/secret/key` from the `app/etc/local.xml` file, upload a file, and then decrypt it.
Product(s) Affected: Magento Open Source prior to 1.9.3.10, and Magento Commerce prior to 1.14.3.10.
Fixed In: Magento Open Source 1.9.3.10, Magento Commerce 1.14.3.10, SUPEE-10888
Reporter: jeroenboersma

APPSEC-1933: Moxieplayer Redirect
Type: Security Misconfiguration: Misconfigured Browser Feature
CVSSv3 Severity: N/A
Known Attacks: None
Description: A Moxieplayer redirect allows an exploitable open redirect to any site.
Product(s) Affected: Magento Open Source prior to 1.9.3.10, and Magento Commerce prior to 1.14.3.10.
Fixed In: Magento Open Source 1.9.3.10, Magento Commerce 1.14.3.10, SUPEE-10888
Reporter: todayisnew

APPSEC-2002: E-mail admin users when a new administrator is created
Type: Improvement
CVSSv3 Severity: N/A
Known Attacks: None
Description: Helps detect recently created admin accounts: an email is sent when a new administrator account is created.
Product(s) Affected: Magento Open Source prior to 1.9.3.10, and Magento Commerce prior to 1.14.3.10, Magento 2.1 prior to 2.1.15, Magento 2.2 prior to 2.2.6
Fixed In: Magento Open Source 1.9.3.10, Magento Commerce 1.14.3.10, SUPEE-10888, Magento 2.1.15, Magento 2.2.6
Reporter: Internal

APPSEC-1790: Possibility to inject XML via gift card registry
Type: XML Injection
CVSSv3 Severity: N/A
Known Attacks: None
Description: Possibility to inject XML via gift card registry
Product(s) Affected: Magento Open Source prior to 1.9.3.10, and Magento Commerce prior to 1.14.3.10.
Fixed In: Magento Open Source 1.9.3.10, Magento Commerce 1.14.3.10, SUPEE-10888
Reporter: Internal