CVE-2020-7964

Published: Jan 24, 2020Modified: Jun 17, 2026

5.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

An issue was discovered in Mirumee Saleor 2.x before 2.9.1. Incorrect access control in the checkoutCustomerAttach mutations allows attackers to attach their checkouts to any user ID and consequently leak user data (e.g., name, address, and previous orders of any other customer).

Affected (1)

Products: Mirumee: Saleor

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Mirumee Saleor	From 2.0.0 to 2.9.1

Related CWEs

Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

References (4)

https://github.com/mirumee/saleor/commit/233b8890c60fa6d90daf99e4d90fea85867732c3

Source: cve@mitre.org

Patch

https://github.com/mirumee/saleor/releases/tag/2.9.1

Source: cve@mitre.org

Release Notes

https://github.com/mirumee/saleor/commit/233b8890c60fa6d90daf99e4d90fea85867732c3

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://github.com/mirumee/saleor/releases/tag/2.9.1

Source: af854a3a-2127-422b-91ae-364da2661108

Release Notes

Timeline

No history available yet.