Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for Apaczka by Alsendo Sp. z o. o.

    CVE-2024-2759 (GCVE-0-2024-2759)

    Vulnerability from nvd – Published: 2024-04-04 13:23 – Updated: 2024-11-20 17:21
    VLAI
    Title
    Improper access control in Apaczka plugin for PrestaShop
    Summary
    Improper access control vulnerability in Apaczka plugin for PrestaShop allows information gathering from saved templates without authentication.This issue affects Apaczka plugin for PrestaShop from v1 through v4.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-552 - Files or Directories Accessible to External Parties
    Assigner
    References
    Impacted products
    Vendor Product Version
    Alsendo Sp. z o. o. Apaczka Affected: v1 , ≤ v4 (custom)
    Create a notification for this product.
    prestashopmodules apaczka Affected: 1.0 , ≤ 4.0 (custom)
        cpe:2.3:a:prestashopmodules:apaczka:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Jakub Przepióra
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:prestashopmodules:apaczka:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "apaczka",
                "vendor": "prestashopmodules",
                "versions": [
                  {
                    "lessThanOrEqual": "4.0",
                    "status": "affected",
                    "version": "1.0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-2759",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-20T17:19:10.975327Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-20T17:21:20.241Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T19:25:41.163Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "third-party-advisory",
                  "x_transferred"
                ],
                "url": "https://cert.pl/en/posts/2024/04/CVE-2024-2759/"
              },
              {
                "tags": [
                  "third-party-advisory",
                  "x_transferred"
                ],
                "url": "https://cert.pl/posts/2024/04/CVE-2024-2759/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://www.apaczka.pl/integracje/prestashop/konfiguracja/",
              "defaultStatus": "unaffected",
              "platforms": [
                "PrestaShop"
              ],
              "product": "Apaczka",
              "vendor": "Alsendo Sp. z o. o.",
              "versions": [
                {
                  "lessThanOrEqual": "v4",
                  "status": "affected",
                  "version": "v1",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Jakub Przepi\u00f3ra"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper access control vulnerability in Apaczka plugin for PrestaShop allows information gathering from saved templates without authentication.\u003cp\u003eThis issue affects Apaczka plugin for PrestaShop from v1 through v4.\u003c/p\u003e"
                }
              ],
              "value": "Improper access control vulnerability in Apaczka plugin for PrestaShop allows information gathering from saved templates without authentication.This issue affects Apaczka plugin for PrestaShop from v1 through v4."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-122",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-122 Privilege Abuse"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-552",
                  "description": "CWE-552 Files or Directories Accessible to External Parties",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-10T15:36:17.582Z",
            "orgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
            "shortName": "CERT-PL"
          },
          "references": [
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://cert.pl/en/posts/2024/04/CVE-2024-2759/"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://cert.pl/posts/2024/04/CVE-2024-2759/"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Improper access control in Apaczka plugin for PrestaShop",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
        "assignerShortName": "CERT-PL",
        "cveId": "CVE-2024-2759",
        "datePublished": "2024-04-04T13:23:57.114Z",
        "dateReserved": "2024-03-21T13:13:33.707Z",
        "dateUpdated": "2024-11-20T17:21:20.241Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-2759 (GCVE-0-2024-2759)

    Vulnerability from cvelistv5 – Published: 2024-04-04 13:23 – Updated: 2024-11-20 17:21
    VLAI
    Title
    Improper access control in Apaczka plugin for PrestaShop
    Summary
    Improper access control vulnerability in Apaczka plugin for PrestaShop allows information gathering from saved templates without authentication.This issue affects Apaczka plugin for PrestaShop from v1 through v4.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-552 - Files or Directories Accessible to External Parties
    Assigner
    References
    Impacted products
    Vendor Product Version
    Alsendo Sp. z o. o. Apaczka Affected: v1 , ≤ v4 (custom)
    Create a notification for this product.
    prestashopmodules apaczka Affected: 1.0 , ≤ 4.0 (custom)
        cpe:2.3:a:prestashopmodules:apaczka:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Jakub Przepióra
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:prestashopmodules:apaczka:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "apaczka",
                "vendor": "prestashopmodules",
                "versions": [
                  {
                    "lessThanOrEqual": "4.0",
                    "status": "affected",
                    "version": "1.0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-2759",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-20T17:19:10.975327Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-20T17:21:20.241Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T19:25:41.163Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "third-party-advisory",
                  "x_transferred"
                ],
                "url": "https://cert.pl/en/posts/2024/04/CVE-2024-2759/"
              },
              {
                "tags": [
                  "third-party-advisory",
                  "x_transferred"
                ],
                "url": "https://cert.pl/posts/2024/04/CVE-2024-2759/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://www.apaczka.pl/integracje/prestashop/konfiguracja/",
              "defaultStatus": "unaffected",
              "platforms": [
                "PrestaShop"
              ],
              "product": "Apaczka",
              "vendor": "Alsendo Sp. z o. o.",
              "versions": [
                {
                  "lessThanOrEqual": "v4",
                  "status": "affected",
                  "version": "v1",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Jakub Przepi\u00f3ra"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper access control vulnerability in Apaczka plugin for PrestaShop allows information gathering from saved templates without authentication.\u003cp\u003eThis issue affects Apaczka plugin for PrestaShop from v1 through v4.\u003c/p\u003e"
                }
              ],
              "value": "Improper access control vulnerability in Apaczka plugin for PrestaShop allows information gathering from saved templates without authentication.This issue affects Apaczka plugin for PrestaShop from v1 through v4."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-122",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-122 Privilege Abuse"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-552",
                  "description": "CWE-552 Files or Directories Accessible to External Parties",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-10T15:36:17.582Z",
            "orgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
            "shortName": "CERT-PL"
          },
          "references": [
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://cert.pl/en/posts/2024/04/CVE-2024-2759/"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://cert.pl/posts/2024/04/CVE-2024-2759/"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Improper access control in Apaczka plugin for PrestaShop",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
        "assignerShortName": "CERT-PL",
        "cveId": "CVE-2024-2759",
        "datePublished": "2024-04-04T13:23:57.114Z",
        "dateReserved": "2024-03-21T13:13:33.707Z",
        "dateUpdated": "2024-11-20T17:21:20.241Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }