{"id":"CVE-2023-29288","summary":"Adobe Commerce | Incorrect Authorization (CWE-863)","details":"Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A privileged attacker could leverage this vulnerability to modify a minor functionality of another user's data. Exploitation of this issue does not require user interaction.","aliases":["GHSA-f989-3fp9-q3r2"],"modified":"2026-07-08T07:34:21.421851245Z","published":"2023-06-15T00:00:00Z","database_specific":{"cwe_ids":["CWE-863"],"cna_assigner":"adobe","unresolved_ranges":[{"source":"AFFECTED_FIELD","extracted_events":[{"last_affected":"2.4.4-p3"}]}],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/29xxx/CVE-2023-29288.json"},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/29xxx/CVE-2023-29288.json"},{"type":"ADVISORY","url":"https://helpx.adobe.com/security/products/magento/apsb23-35.html"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-29288"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/magento/magento2","events":[{"introduced":"44a7b6079bcac5ba92040b16f4f74024b4f34d09"},{"last_affected":"d846142a3ab8b49597dfb8bd7508d875efdab19a"}],"database_specific":{"cpe":["cpe:2.3:a:adobe:commerce:2.3.7:-:*:*:*:*:*:*","cpe:2.3:a:adobe:commerce:2.3.7:p1:*:*:*:*:*:*","cpe:2.3:a:adobe:commerce:2.3.7:p2:*:*:*:*:*:*","cpe:2.3:a:adobe:commerce:2.3.7:p3:*:*:*:*:*:*","cpe:2.3:a:adobe:commerce:2.3.7:p4:*:*:*:*:*:*","cpe:2.3:a:adobe:commerce:2.4.0:-:*:*:*:*:*:*","cpe:2.3:a:adobe:commerce:2.4.0:ext-1:*:*:*:*:*:*","cpe:2.3:a:adobe:commerce:2.4.1:-:*:*:*:*:*:*","cpe:2.3:a:adobe:commerce:2.4.1:ext-1:*:*:*:*:*:*","cpe:2.3:a:adobe:commerce:2.4.2:-:*:*:*:*:*:*","cpe:2.3:a:adobe:commerce:2.4.2:ext-1:*:*:*:*:*:*","cpe:2.3:a:adobe:commerce:2.4.2:ext-2:*:*:*:*:*:*","cpe:2.3:a:adobe:commerce:2.4.3:-:*:*:*:*:*:*","cpe:2.3:a:adobe:commerce:2.4.3:ext-1:*:*:*:*:*:*","cpe:2.3:a:adobe:commerce:2.4.3:ext-2:*:*:*:*:*:*","cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:*","cpe:2.3:a:adobe:magento:2.4.4:-:*:*:open_source:*:*:*","cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:*","cpe:2.3:a:adobe:magento:2.4.4:p1:*:*:open_source:*:*:*","cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:*","cpe:2.3:a:adobe:magento:2.4.4:p2:*:*:open_source:*:*:*","cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:*","cpe:2.3:a:adobe:magento:2.4.4:p3:*:*:open_source:*:*:*","cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:*","cpe:2.3:a:adobe:magento:2.4.5:-:*:*:open_source:*:*:*","cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:*","cpe:2.3:a:adobe:magento:2.4.5:p1:*:*:open_source:*:*:*","cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:*","cpe:2.3:a:adobe:magento:2.4.5:p2:*:*:open_source:*:*:*","cpe:2.3:a:adobe:commerce:2.4.6:-:*:*:*:*:*:*","cpe:2.3:a:adobe:magento:2.4.6:-:*:*:open_source:*:*:*"],"source":"CPE_STRING","extracted_events":[{"introduced":"2.3.7-NA"},{"last_affected":"2.3.7-NA"},{"introduced":"2.3.7-p1"},{"last_affected":"2.3.7-p1"},{"introduced":"2.3.7-p2"},{"last_affected":"2.3.7-p2"},{"introduced":"2.3.7-p3"},{"last_affected":"2.3.7-p3"},{"introduced":"2.3.7-p4"},{"last_affected":"2.3.7-p4"},{"introduced":"2.4.0-NA"},{"last_affected":"2.4.0-NA"},{"introduced":"2.4.0-ext\\-1"},{"last_affected":"2.4.0-ext\\-1"},{"introduced":"2.4.1-NA"},{"last_affected":"2.4.1-NA"},{"introduced":"2.4.1-ext\\-1"},{"last_affected":"2.4.1-ext\\-1"},{"introduced":"2.4.2-NA"},{"last_affected":"2.4.2-NA"},{"introduced":"2.4.2-ext\\-1"},{"last_affected":"2.4.2-ext\\-1"},{"introduced":"2.4.2-ext\\-2"},{"last_affected":"2.4.2-ext\\-2"},{"introduced":"2.4.3-NA"},{"last_affected":"2.4.3-NA"},{"introduced":"2.4.3-ext\\-1"},{"last_affected":"2.4.3-ext\\-1"},{"introduced":"2.4.3-ext\\-2"},{"last_affected":"2.4.3-ext\\-2"},{"introduced":"2.4.4-NA"},{"last_affected":"2.4.4-NA"},{"introduced":"2.4.4-p1"},{"last_affected":"2.4.4-p1"},{"introduced":"2.4.4-p2"},{"last_affected":"2.4.4-p2"},{"introduced":"2.4.4-p3"},{"last_affected":"2.4.4-p3"},{"introduced":"2.4.5-NA"},{"last_affected":"2.4.5-NA"},{"introduced":"2.4.5-p1"},{"last_affected":"2.4.5-p1"},{"introduced":"2.4.5-p2"},{"last_affected":"2.4.5-p2"},{"introduced":"2.4.6-NA"},{"last_affected":"2.4.6-NA"}]}}],"versions":["2.3.7-NA","2.3.7-p1","2.3.7-p2","2.3.7-p3","2.3.7-p4","2.4.0-NA","2.4.0-ext\\-1","2.4.1-NA","2.4.1-ext\\-1","2.4.2-NA","2.4.2-ext\\-1","2.4.2-ext\\-2","2.4.3-NA","2.4.3-ext\\-1","2.4.3-ext\\-2","2.4.4-NA","2.4.4-p1","2.4.4-p2","2.4.4-p3","2.4.5-NA","2.4.5-p1","2.4.5-p2","2.4.6-NA"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-29288.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"}]}