{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-29888","assignerOrgId":"a0819718-46f1-4df5-94e2-005712e83aaa","state":"PUBLISHED","assignerShortName":"GitHub_M","dateReserved":"2024-03-21T15:12:08.997Z","datePublished":"2024-03-27T18:53:44.698Z","dateUpdated":"2024-08-02T01:17:58.440Z"},"containers":{"cna":{"title":"Saleor vulnerable to customers addresses leak when using Warehouse as a `Pickup: Local stock only` delivery method","problemTypes":[{"descriptions":[{"cweId":"CWE-359","lang":"en","description":"CWE-359: Exposure of Private Personal Information to an Unauthorized Actor","type":"CWE"}]}],"metrics":[{"cvssV3_1":{"attackComplexity":"HIGH","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":4.2,"baseSeverity":"MEDIUM","confidentialityImpact":"LOW","integrityImpact":"LOW","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N","version":"3.1"}}],"references":[{"name":"https://github.com/saleor/saleor/security/advisories/GHSA-mrj3-f2h4-7w45","tags":["x_refsource_CONFIRM"],"url":"https://github.com/saleor/saleor/security/advisories/GHSA-mrj3-f2h4-7w45"},{"name":"https://github.com/saleor/saleor/pull/15694","tags":["x_refsource_MISC"],"url":"https://github.com/saleor/saleor/pull/15694"},{"name":"https://github.com/saleor/saleor/pull/15697","tags":["x_refsource_MISC"],"url":"https://github.com/saleor/saleor/pull/15697"},{"name":"https://github.com/saleor/saleor/commit/22a1aa3ef0bc54156405f69146788016a7f3f761","tags":["x_refsource_MISC"],"url":"https://github.com/saleor/saleor/commit/22a1aa3ef0bc54156405f69146788016a7f3f761"},{"name":"https://github.com/saleor/saleor/commit/39abb0f4e4fe6503f81bfbb871227e4f70bcdd5c","tags":["x_refsource_MISC"],"url":"https://github.com/saleor/saleor/commit/39abb0f4e4fe6503f81bfbb871227e4f70bcdd5c"},{"name":"https://github.com/saleor/saleor/commit/47cedfd7d6524d79bdb04708edcdbb235874de6b","tags":["x_refsource
_MISC"],"url":"https://github.com/saleor/saleor/commit/47cedfd7d6524d79bdb04708edcdbb235874de6b"},{"name":"https://github.com/saleor/saleor/commit/997f7ea4f576543ec88679a86bfe1b14f7f2ff26","tags":["x_refsource_MISC"],"url":"https://github.com/saleor/saleor/commit/997f7ea4f576543ec88679a86bfe1b14f7f2ff26"},{"name":"https://github.com/saleor/saleor/commit/b7cecda8b603f7472790150bb4508c7b655946d4","tags":["x_refsource_MISC"],"url":"https://github.com/saleor/saleor/commit/b7cecda8b603f7472790150bb4508c7b655946d4"},{"name":"https://github.com/saleor/saleor/commit/d8ba545c16ad3153febc5b5be8fd2ef75da9fc95","tags":["x_refsource_MISC"],"url":"https://github.com/saleor/saleor/commit/d8ba545c16ad3153febc5b5be8fd2ef75da9fc95"},{"name":"https://github.com/saleor/saleor/commit/dccc2c842b4e2e09470929c80f07dc137e439182","tags":["x_refsource_MISC"],"url":"https://github.com/saleor/saleor/commit/dccc2c842b4e2e09470929c80f07dc137e439182"},{"name":"https://github.com/saleor/saleor/commit/ef003c76a304c89ddb2dc65b7f1d5b3b2ba1c640","tags":["x_refsource_MISC"],"url":"https://github.com/saleor/saleor/commit/ef003c76a304c89ddb2dc65b7f1d5b3b2ba1c640"}],"affected":[{"vendor":"saleor","product":"saleor","versions":[{"version":">= 3.14.56, < 3.14.61","status":"affected"},{"version":">= 3.15.31, < 3.15.37","status":"affected"},{"version":">= 3.16.27, < 3.16.34","status":"affected"},{"version":">= 3.17.25, < 3.17.32","status":"affected"},{"version":">= 3.18.19, < 3.18.28","status":"affected"},{"version":">= 3.19.5, < 3.19.15","status":"affected"}]}],"providerMetadata":{"orgId":"a0819718-46f1-4df5-94e2-005712e83aaa","shortName":"GitHub_M","dateUpdated":"2024-03-27T18:53:44.698Z"},"descriptions":[{"lang":"en","value":"Saleor is an e-commerce platform that serves high-volume companies. 
When using `Pickup: Local stock only` click-and-collect as a delivery method, under specific conditions a customer could overwrite the warehouse address with their own, which exposes the customer's address as the click-and-collect address. This issue has been patched in versions: `3.14.61`, `3.15.37`, `3.16.34`, `3.17.32`, `3.18.28`, `3.19.15`."}],"source":{"advisory":"GHSA-mrj3-f2h4-7w45","discovery":"UNKNOWN"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2024-29888","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"version":"2.0.3","timestamp":"2024-03-27T19:54:53.329148Z"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-07-05T17:21:18.651Z"}},{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T01:17:58.440Z"},"title":"CVE Program Container","references":[{"name":"https://github.com/saleor/saleor/security/advisories/GHSA-mrj3-f2h4-7w45","tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://github.com/saleor/saleor/security/advisories/GHSA-mrj3-f2h4-7w45"},{"name":"https://github.com/saleor/saleor/pull/15694","tags":["x_refsource_MISC","x_transferred"],"url":"https://github.com/saleor/saleor/pull/15694"},{"name":"https://github.com/saleor/saleor/pull/15697","tags":["x_refsource_MISC","x_transferred"],"url":"https://github.com/saleor/saleor/pull/15697"},{"name":"https://github.com/saleor/saleor/commit/22a1aa3ef0bc54156405f69146788016a7f3f761","tags":["x_refsource_MISC","x_transferred"],"url":"https://github.com/saleor/saleor/commit/22a1aa3ef0bc54156405f69146788016a7f3f761"},{"name":"https://github.com/saleor/saleor/commit/39abb0f4e4fe6503f81bfbb871227e4f70bcdd5c","tags":["x_refsource_MISC","x_transferred"],"url":"https://github.com/saleor/saleor/commit/39abb0f4e4fe6503f81bfbb871227e4f70bcdd5c"},{"name":"https://github.com/saleor/saleor/com
mit/47cedfd7d6524d79bdb04708edcdbb235874de6b","tags":["x_refsource_MISC","x_transferred"],"url":"https://github.com/saleor/saleor/commit/47cedfd7d6524d79bdb04708edcdbb235874de6b"},{"name":"https://github.com/saleor/saleor/commit/997f7ea4f576543ec88679a86bfe1b14f7f2ff26","tags":["x_refsource_MISC","x_transferred"],"url":"https://github.com/saleor/saleor/commit/997f7ea4f576543ec88679a86bfe1b14f7f2ff26"},{"name":"https://github.com/saleor/saleor/commit/b7cecda8b603f7472790150bb4508c7b655946d4","tags":["x_refsource_MISC","x_transferred"],"url":"https://github.com/saleor/saleor/commit/b7cecda8b603f7472790150bb4508c7b655946d4"},{"name":"https://github.com/saleor/saleor/commit/d8ba545c16ad3153febc5b5be8fd2ef75da9fc95","tags":["x_refsource_MISC","x_transferred"],"url":"https://github.com/saleor/saleor/commit/d8ba545c16ad3153febc5b5be8fd2ef75da9fc95"},{"name":"https://github.com/saleor/saleor/commit/dccc2c842b4e2e09470929c80f07dc137e439182","tags":["x_refsource_MISC","x_transferred"],"url":"https://github.com/saleor/saleor/commit/dccc2c842b4e2e09470929c80f07dc137e439182"},{"name":"https://github.com/saleor/saleor/commit/ef003c76a304c89ddb2dc65b7f1d5b3b2ba1c640","tags":["x_refsource_MISC","x_transferred"],"url":"https://github.com/saleor/saleor/commit/ef003c76a304c89ddb2dc65b7f1d5b3b2ba1c640"}]}]}}