Lucene search
PRIOn knowledge basePRION:CVE-2023-26051HistoryMar 02, 2023 - 7:15 p.m.
Information disclosure
2023-03-0219:15:00
PRIOn knowledge base
www.prio-n.com
5
saleor
graphql
commerce
platform
user email
python exceptions
error messages
sensitive information
Saleor is a headless, GraphQL commerce platform delivering personalized shopping experiences. Some internal Python exceptions are not handled properly and thus are returned in API as error messages. Some messages might contain sensitive information like user email address in staff-authenticated requests.
References
github.com/saleor/saleor/commit/31bce881ccccf0d79a9b14ecb6ca3138d1edeec1
github.com/saleor/saleor/releases/tag/3.1.48
github.com/saleor/saleor/releases/tag/3.10.14
github.com/saleor/saleor/releases/tag/3.11.12
github.com/saleor/saleor/releases/tag/3.7.59
github.com/saleor/saleor/releases/tag/3.8.30
github.com/saleor/saleor/releases/tag/3.9.27
github.com/saleor/saleor/security/advisories/GHSA-r8qr-wwg3-2r85
Related
osv
osv
Saleor has Staff-Authenticated Error Message Information Disclosure Vulnerability via Python Exceptions
2023-03-03 22:46:04
CVE-2023-26051
2023-03-02 19:15:10
cvelist
cvelist
nvd
nvd
CVE-2023-26051
2023-03-02 19:15:10
github
github
cve
cve
CVE-2023-26051
2023-03-02 19:15:10
veracode
veracode
Information Disclosure
2023-03-08 09:51:49