CVE-2019-8108: Magento Broken authentication and session managememt

May 24, 2022 (updated May 15, 2024)

Insecure authentication and session management vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can manipulate session validation setting for a storefront that leads to insecure authentication and session management.

References

github.com/FriendsOfPHP/security-advisories/blob/master/magento/product-community-edition/CVE-2019-8108.yaml
github.com/advisories/GHSA-92ph-xm9v-cg3j
github.com/magento/magento2
magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update
nvd.nist.gov/vuln/detail/CVE-2019-8108

Code Behaviors & Features

Detect and mitigate CVE-2019-8108 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →