Search
Find a vulnerability
Search criteria
2 vulnerabilities found for dashproducts by PrestaShop
CVE-2020-15102 (GCVE-0-2020-15102)
Vulnerability from nvd – Published: 2020-07-21 17:50 – Updated: 2024-08-04 13:08
VLAI
EPSS
VEX
Title
Improper access control on dashboard form in PrestaShop
Summary
In PrestaShop Dashboard Productions before version 2.1.0, there is improper authorization which enables an attacker to change the configuration. The problem is fixed in 2.1.0.
Severity
6.5 (Medium)
CWE
- CWE-284 - Improper Access Control
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/PrestaShop/dashproducts/securi… | x_refsource_CONFIRM |
| https://github.com/PrestaShop/dashproducts/commit… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| PrestaShop | dashproducts |
Affected:
< 2.1.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:08:21.786Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/PrestaShop/dashproducts/security/advisories/GHSA-6292-4qpg-hvfg"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/PrestaShop/dashproducts/commit/f0799c13628a9b9ca6ca75c085b083d924a8ea7e"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "dashproducts",
"vendor": "PrestaShop",
"versions": [
{
"status": "affected",
"version": "\u003c 2.1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In PrestaShop Dashboard Productions before version 2.1.0, there is improper authorization which enables an attacker to change the configuration. The problem is fixed in 2.1.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284: Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-21T17:50:12.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/PrestaShop/dashproducts/security/advisories/GHSA-6292-4qpg-hvfg"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/PrestaShop/dashproducts/commit/f0799c13628a9b9ca6ca75c085b083d924a8ea7e"
}
],
"source": {
"advisory": "GHSA-6292-4qpg-hvfg",
"discovery": "UNKNOWN"
},
"title": "Improper access control on dashboard form in PrestaShop",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2020-15102",
"STATE": "PUBLIC",
"TITLE": "Improper access control on dashboard form in PrestaShop"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "dashproducts",
"version": {
"version_data": [
{
"version_value": "\u003c 2.1.0"
}
]
}
}
]
},
"vendor_name": "PrestaShop"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In PrestaShop Dashboard Productions before version 2.1.0, there is improper authorization which enables an attacker to change the configuration. The problem is fixed in 2.1.0."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284: Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/PrestaShop/dashproducts/security/advisories/GHSA-6292-4qpg-hvfg",
"refsource": "CONFIRM",
"url": "https://github.com/PrestaShop/dashproducts/security/advisories/GHSA-6292-4qpg-hvfg"
},
{
"name": "https://github.com/PrestaShop/dashproducts/commit/f0799c13628a9b9ca6ca75c085b083d924a8ea7e",
"refsource": "MISC",
"url": "https://github.com/PrestaShop/dashproducts/commit/f0799c13628a9b9ca6ca75c085b083d924a8ea7e"
}
]
},
"source": {
"advisory": "GHSA-6292-4qpg-hvfg",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2020-15102",
"datePublished": "2020-07-21T17:50:12.000Z",
"dateReserved": "2020-06-25T00:00:00.000Z",
"dateUpdated": "2024-08-04T13:08:21.786Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-15102 (GCVE-0-2020-15102)
Vulnerability from cvelistv5 – Published: 2020-07-21 17:50 – Updated: 2024-08-04 13:08
VLAI
EPSS
VEX
Title
Improper access control on dashboard form in PrestaShop
Summary
In PrestaShop Dashboard Productions before version 2.1.0, there is improper authorization which enables an attacker to change the configuration. The problem is fixed in 2.1.0.
Severity
6.5 (Medium)
CWE
- CWE-284 - Improper Access Control
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/PrestaShop/dashproducts/securi… | x_refsource_CONFIRM |
| https://github.com/PrestaShop/dashproducts/commit… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| PrestaShop | dashproducts |
Affected:
< 2.1.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:08:21.786Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/PrestaShop/dashproducts/security/advisories/GHSA-6292-4qpg-hvfg"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/PrestaShop/dashproducts/commit/f0799c13628a9b9ca6ca75c085b083d924a8ea7e"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "dashproducts",
"vendor": "PrestaShop",
"versions": [
{
"status": "affected",
"version": "\u003c 2.1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In PrestaShop Dashboard Productions before version 2.1.0, there is improper authorization which enables an attacker to change the configuration. The problem is fixed in 2.1.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284: Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-21T17:50:12.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/PrestaShop/dashproducts/security/advisories/GHSA-6292-4qpg-hvfg"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/PrestaShop/dashproducts/commit/f0799c13628a9b9ca6ca75c085b083d924a8ea7e"
}
],
"source": {
"advisory": "GHSA-6292-4qpg-hvfg",
"discovery": "UNKNOWN"
},
"title": "Improper access control on dashboard form in PrestaShop",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2020-15102",
"STATE": "PUBLIC",
"TITLE": "Improper access control on dashboard form in PrestaShop"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "dashproducts",
"version": {
"version_data": [
{
"version_value": "\u003c 2.1.0"
}
]
}
}
]
},
"vendor_name": "PrestaShop"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In PrestaShop Dashboard Productions before version 2.1.0, there is improper authorization which enables an attacker to change the configuration. The problem is fixed in 2.1.0."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284: Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/PrestaShop/dashproducts/security/advisories/GHSA-6292-4qpg-hvfg",
"refsource": "CONFIRM",
"url": "https://github.com/PrestaShop/dashproducts/security/advisories/GHSA-6292-4qpg-hvfg"
},
{
"name": "https://github.com/PrestaShop/dashproducts/commit/f0799c13628a9b9ca6ca75c085b083d924a8ea7e",
"refsource": "MISC",
"url": "https://github.com/PrestaShop/dashproducts/commit/f0799c13628a9b9ca6ca75c085b083d924a8ea7e"
}
]
},
"source": {
"advisory": "GHSA-6292-4qpg-hvfg",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2020-15102",
"datePublished": "2020-07-21T17:50:12.000Z",
"dateReserved": "2020-06-25T00:00:00.000Z",
"dateUpdated": "2024-08-04T13:08:21.786Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}