CVE-2023-26052

Published Mar 2, 2023

Last updated 2 years ago

Overview

Description: Saleor is a headless, GraphQL commerce platform delivering personalized shopping experiences. Some internal Python exceptions are not handled properly and thus are returned in API as error messages. Some messages might contain sensitive information like infrastructure details in unauthenticated requests. This issue has been patched in versions 3.1.48, 3.7.59, 3.8.0, 3.9.27, 3.10.14 and 3.11.12.
Source: security-advisories@github.com
NVD status: Analyzed

Hype score: Not currently trending

Risk scores

CVSS 3.1

Type: Primary
Base score: 5.3
Impact score: 1.4
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Severity: MEDIUM

Weaknesses

nvd@nist.gov: CWE-209
security-advisories@github.com: CWE-209

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:saleor:saleor:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "32910EFF-045F-4F93-BBD2-8D370D8DC6EB",
            "versionEndExcluding": "3.1.48",
            "versionStartIncluding": "2.0.0"
          },
          {
            "criteria": "cpe:2.3:a:saleor:saleor:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "087E100F-63DE-4F84-9410-77BB517D14E3",
            "versionEndExcluding": "3.7.59",
            "versionStartIncluding": "3.2.0"
          },
          {
            "criteria": "cpe:2.3:a:saleor:saleor:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FE021955-5B68-4626-8C74-534A3C0BFA62",
            "versionEndExcluding": "3.8.30",
            "versionStartIncluding": "3.8.0"
          },
          {
            "criteria": "cpe:2.3:a:saleor:saleor:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B87F6451-DB7D-47E2-9265-86EFF197727B",
            "versionEndExcluding": "3.9.27",
            "versionStartIncluding": "3.9.0"
          },
          {
            "criteria": "cpe:2.3:a:saleor:saleor:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "10A27FA1-6BA8-4678-A27E-16BFDD241DCB",
            "versionEndExcluding": "3.10.14",
            "versionStartIncluding": "3.10.0"
          },
          {
            "criteria": "cpe:2.3:a:saleor:saleor:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A86A9221-83AB-4977-81AD-83364AF05B9C",
            "versionEndExcluding": "3.11.12",
            "versionStartIncluding": "3.11.0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Social media

Risk scores

CVSS 3.1

Weaknesses

Configurations

References