CVE-2019-8112

EPSS 0.6%

Vexday Risk Score

3Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS —EPSS 0.6%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

05 Nov 2019Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

A security bypass vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An unauthenticated user can bypass the email confirmation mechanism via GET request that captures relevant account data obtained from the POST response related to new user creation.

Affected products

Adobe Systems Incorporated · Magento 2

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update