Search criteria
1 vulnerability by Alsendo Sp. z o. o.
CVE-2024-2759 (GCVE-0-2024-2759)
Vulnerability from cvelistv5 – Published: 2024-04-04 13:23 – Updated: 2024-11-20 17:21
VLAI?
Title
Improper access control in Apaczka plugin for PrestaShop
Summary
Improper access control vulnerability in Apaczka plugin for PrestaShop allows information gathering from saved templates without authentication.This issue affects Apaczka plugin for PrestaShop from v1 through v4.
Severity ?
7.5 (High)
CWE
- CWE-552 - Files or Directories Accessible to External Parties
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Alsendo Sp. z o. o. | Apaczka |
Affected:
v1 , ≤ v4
(custom)
|
Credits
Jakub Przepióra
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:prestashopmodules:apaczka:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "apaczka",
"vendor": "prestashopmodules",
"versions": [
{
"lessThanOrEqual": "4.0",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-2759",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-20T17:19:10.975327Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-20T17:21:20.241Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T19:25:41.163Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://cert.pl/en/posts/2024/04/CVE-2024-2759/"
},
{
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://cert.pl/posts/2024/04/CVE-2024-2759/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://www.apaczka.pl/integracje/prestashop/konfiguracja/",
"defaultStatus": "unaffected",
"platforms": [
"PrestaShop"
],
"product": "Apaczka",
"vendor": "Alsendo Sp. z o. o.",
"versions": [
{
"lessThanOrEqual": "v4",
"status": "affected",
"version": "v1",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Jakub Przepi\u00f3ra"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper access control vulnerability in Apaczka plugin for PrestaShop allows information gathering from saved templates without authentication.\u003cp\u003eThis issue affects Apaczka plugin for PrestaShop from v1 through v4.\u003c/p\u003e"
}
],
"value": "Improper access control vulnerability in Apaczka plugin for PrestaShop allows information gathering from saved templates without authentication.This issue affects Apaczka plugin for PrestaShop from v1 through v4."
}
],
"impacts": [
{
"capecId": "CAPEC-122",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-122 Privilege Abuse"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-552",
"description": "CWE-552 Files or Directories Accessible to External Parties",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T15:36:17.582Z",
"orgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
"shortName": "CERT-PL"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://cert.pl/en/posts/2024/04/CVE-2024-2759/"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://cert.pl/posts/2024/04/CVE-2024-2759/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Improper access control in Apaczka plugin for PrestaShop",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
"assignerShortName": "CERT-PL",
"cveId": "CVE-2024-2759",
"datePublished": "2024-04-04T13:23:57.114Z",
"dateReserved": "2024-03-21T13:13:33.707Z",
"dateUpdated": "2024-11-20T17:21:20.241Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}