CVE-2024-29036 (GCVE-0-2024-29036)

Vulnerability from cvelistv5 – Published: 2024-03-20 20:39 – Updated: 2024-08-02 01:03
VLAI?
Title
Saleor Storefront session leak in cache
Summary
Saleor Storefront is software for building e-commerce experiences. Prior to commit 579241e75a5eb332ccf26e0bcdd54befa33f4783, when any user authenticates in the storefront, anonymous users are able to access their data. The session is leaked through cache and can be accessed by anyone. Users should upgrade to a version that incorporates commit 579241e75a5eb332ccf26e0bcdd54befa33f4783 or later to receive a patch. A possible workaround is to temporarily disable authentication by changing the usage of `createSaleorAuthClient()`.
Severity ?
4.3 (Medium)
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
CWE
  • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
Impacted products
Vendor Product Version
saleor storefront Affected: < 579241e75a5eb332ccf26e0bcdd54befa33f4783
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-29036",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-03-21T15:24:01.977373Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:57:12.452Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T01:03:51.616Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/saleor/storefront/security/advisories/GHSA-52cq-c7x7-cqw4",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/saleor/storefront/security/advisories/GHSA-52cq-c7x7-cqw4"
          },
          {
            "name": "https://github.com/saleor/saleor-docs/pull/1120",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/saleor/saleor-docs/pull/1120"
          },
          {
            "name": "https://github.com/saleor/auth-sdk/commit/56db13407aa35d00b85ec2df042692edd4aea9da",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/saleor/auth-sdk/commit/56db13407aa35d00b85ec2df042692edd4aea9da"
          },
          {
            "name": "https://github.com/saleor/storefront/commit/579241e75a5eb332ccf26e0bcdd54befa33f4783",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/saleor/storefront/commit/579241e75a5eb332ccf26e0bcdd54befa33f4783"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "storefront",
          "vendor": "saleor",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 579241e75a5eb332ccf26e0bcdd54befa33f4783"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Saleor Storefront is software for building e-commerce experiences. Prior to commit 579241e75a5eb332ccf26e0bcdd54befa33f4783, when any user authenticates in the storefront, anonymous users are able to access their data. The session is leaked through cache and can be accessed by anyone. Users should upgrade to a version that incorporates commit 579241e75a5eb332ccf26e0bcdd54befa33f4783 or later to receive a patch. A possible workaround is to temporarily disable authentication by changing the usage of `createSaleorAuthClient()`."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-200",
              "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-03-20T20:39:01.341Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/saleor/storefront/security/advisories/GHSA-52cq-c7x7-cqw4",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/saleor/storefront/security/advisories/GHSA-52cq-c7x7-cqw4"
        },
        {
          "name": "https://github.com/saleor/saleor-docs/pull/1120",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/saleor/saleor-docs/pull/1120"
        },
        {
          "name": "https://github.com/saleor/auth-sdk/commit/56db13407aa35d00b85ec2df042692edd4aea9da",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/saleor/auth-sdk/commit/56db13407aa35d00b85ec2df042692edd4aea9da"
        },
        {
          "name": "https://github.com/saleor/storefront/commit/579241e75a5eb332ccf26e0bcdd54befa33f4783",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/saleor/storefront/commit/579241e75a5eb332ccf26e0bcdd54befa33f4783"
        }
      ],
      "source": {
        "advisory": "GHSA-52cq-c7x7-cqw4",
        "discovery": "UNKNOWN"
      },
      "title": "Saleor Storefront session leak in cache"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-29036",
    "datePublished": "2024-03-20T20:39:01.341Z",
    "dateReserved": "2024-03-14T16:59:47.613Z",
    "dateUpdated": "2024-08-02T01:03:51.616Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-29036\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2024-03-20T21:15:31.817\",\"lastModified\":\"2025-12-03T19:40:20.967\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Saleor Storefront is software for building e-commerce experiences. Prior to commit 579241e75a5eb332ccf26e0bcdd54befa33f4783, when any user authenticates in the storefront, anonymous users are able to access their data. The session is leaked through cache and can be accessed by anyone. Users should upgrade to a version that incorporates commit 579241e75a5eb332ccf26e0bcdd54befa33f4783 or later to receive a patch. A possible workaround is to temporarily disable authentication by changing the usage of `createSaleorAuthClient()`.\"},{\"lang\":\"es\",\"value\":\"Saleor Storefront es un software para crear experiencias de comercio electr\u00f3nico. Antes del commit 579241e75a5eb332ccf26e0bcdd54befa33f4783, cuando cualquier usuario se autentica en el escaparate, los usuarios an\u00f3nimos pueden acceder a sus datos. La sesi\u00f3n se filtra a trav\u00e9s del cach\u00e9 y cualquiera puede acceder a ella. Los usuarios deben actualizar a una versi\u00f3n que incorpore El commit 579241e75a5eb332ccf26e0bcdd54befa33f4783 o posterior para recibir un parche. Un posible workaround es desactivar temporalmente la autenticaci\u00f3n cambiando el uso de `createSaleorAuthClient()`. \"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N\",\"baseScore\":4.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":1.4},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-200\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:saleor:react-storefront:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.0.2\",\"matchCriteriaId\":\"A6E6E31A-8912-4AC8-8102-D97681576C93\"}]}]}],\"references\":[{\"url\":\"https://github.com/saleor/auth-sdk/commit/56db13407aa35d00b85ec2df042692edd4aea9da\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/saleor/saleor-docs/pull/1120\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/saleor/storefront/commit/579241e75a5eb332ccf26e0bcdd54befa33f4783\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/saleor/storefront/security/advisories/GHSA-52cq-c7x7-cqw4\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://github.com/saleor/auth-sdk/commit/56db13407aa35d00b85ec2df042692edd4aea9da\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/saleor/saleor-docs/pull/1120\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/saleor/storefront/commit/579241e75a5eb332ccf26e0bcdd54befa33f4783\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/saleor/storefront/security/advisories/GHSA-52cq-c7x7-cqw4\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"cna\": {\"title\": \"Saleor Storefront session leak in cache\", \"problemTypes\": [{\"descriptions\": [{\"cweId\": \"CWE-200\", \"lang\": \"en\", \"description\": \"CWE-200: Exposure of Sensitive Information to an Unauthorized Actor\", \"type\": \"CWE\"}]}], \"metrics\": [{\"cvssV3_1\": {\"attackComplexity\": \"LOW\", \"attackVector\": \"NETWORK\", \"availabilityImpact\": \"NONE\", \"baseScore\": 4.3, \"baseSeverity\": \"MEDIUM\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"scope\": \"UNCHANGED\", \"userInteraction\": \"REQUIRED\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N\", \"version\": \"3.1\"}}], \"references\": [{\"name\": \"https://github.com/saleor/storefront/security/advisories/GHSA-52cq-c7x7-cqw4\", \"tags\": [\"x_refsource_CONFIRM\"], \"url\": \"https://github.com/saleor/storefront/security/advisories/GHSA-52cq-c7x7-cqw4\"}, {\"name\": \"https://github.com/saleor/saleor-docs/pull/1120\", \"tags\": [\"x_refsource_MISC\"], \"url\": \"https://github.com/saleor/saleor-docs/pull/1120\"}, {\"name\": \"https://github.com/saleor/auth-sdk/commit/56db13407aa35d00b85ec2df042692edd4aea9da\", \"tags\": [\"x_refsource_MISC\"], \"url\": \"https://github.com/saleor/auth-sdk/commit/56db13407aa35d00b85ec2df042692edd4aea9da\"}, {\"name\": \"https://github.com/saleor/storefront/commit/579241e75a5eb332ccf26e0bcdd54befa33f4783\", \"tags\": [\"x_refsource_MISC\"], \"url\": \"https://github.com/saleor/storefront/commit/579241e75a5eb332ccf26e0bcdd54befa33f4783\"}], \"affected\": [{\"vendor\": \"saleor\", \"product\": \"storefront\", \"versions\": [{\"version\": \"\u003c 579241e75a5eb332ccf26e0bcdd54befa33f4783\", \"status\": \"affected\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2024-03-20T20:39:01.341Z\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Saleor Storefront is software for building e-commerce experiences. Prior to commit 579241e75a5eb332ccf26e0bcdd54befa33f4783, when any user authenticates in the storefront, anonymous users are able to access their data. The session is leaked through cache and can be accessed by anyone. Users should upgrade to a version that incorporates commit 579241e75a5eb332ccf26e0bcdd54befa33f4783 or later to receive a patch. A possible workaround is to temporarily disable authentication by changing the usage of `createSaleorAuthClient()`.\"}], \"source\": {\"advisory\": \"GHSA-52cq-c7x7-cqw4\", \"discovery\": \"UNKNOWN\"}}, \"adp\": [{\"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-29036\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-03-21T15:24:01.977373Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-05-23T19:01:19.109Z\"}, \"title\": \"CISA ADP Vulnrichment\"}]}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-29036\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"state\": \"PUBLISHED\", \"assignerShortName\": \"GitHub_M\", \"dateReserved\": \"2024-03-14T16:59:47.613Z\", \"datePublished\": \"2024-03-20T20:39:01.341Z\", \"dateUpdated\": \"2024-06-04T17:57:12.452Z\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.