Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. An attacker could exploit this vulnerability to gain unauthorized access or perform actions with the privileges of another user. Exploitation of this issue does not require user interaction.

Affected Packages

Packagist magento/community-edition

Affected versions: 2.4.6-p1 (fixed in 2.4.6-p6)

Packagist magento/community-edition

Affected versions: 2.4.5-p1 (fixed in 2.4.5-p8)

Packagist magento/community-edition

Affected versions: 0 (fixed in 2.4.4-p9)

Related CVEs

CVE-2024-34106

Key Information

GHSA ID

GHSA-p6h9-gx5g-wg64

Published

June 13, 2024 9:31 AM

Last Modified

August 7, 2024 5:43 PM

CVSS Score

5.0 /10

Primary Ecosystem

Packagist

Primary Package

magento/community-edition

GitHub Reviewed

✓ Yes

Dataset

Last updated: August 1, 2025 6:44 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.