{"id":"CVE-2023-29290","summary":"Adobe Commerce Guest Cart Shipping Address Overwrite IDOR ","details":"Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. An attacker could leverage this vulnerability to bypass a minor functionality. Exploitation of this issue does not require user interaction.","aliases":["GHSA-qw5m-vmp3-f553"],"modified":"2026-07-08T05:57:21.298999675Z","published":"2023-06-15T00:00:00Z","database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/29xxx/CVE-2023-29290.json","unresolved_ranges":[{"extracted_events":[{"last_affected":"2.4.6"},{"last_affected":"2.4.5-p2"},{"last_affected":"2.4.4-p3"},{"last_affected":"None"}],"source":"AFFECTED_FIELD"}],"cwe_ids":["CWE-353"],"cna_assigner":"adobe"},"references":[{"type":"WEB","url":"https://helpx.adobe.com/security/products/magento/apsb23-35.html"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/29xxx/CVE-2023-29290.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-29290"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/magento/magento2","events":[{"introduced":"44a7b6079bcac5ba92040b16f4f74024b4f34d09"},{"last_affected":"d846142a3ab8b49597dfb8bd7508d875efdab19a"}],"database_specific":{"extracted_events":[{"introduced":"2.3.7-NA"},{"last_affected":"2.3.7-NA"},{"introduced":"2.3.7-p1"},{"last_affected":"2.3.7-p1"},{"introduced":"2.3.7-p2"},{"last_affected":"2.3.7-p2"},{"introduced":"2.3.7-p3"},{"last_affected":"2.3.7-p3"},{"introduced":"2.3.7-p4"},{"last_affected":"2.3.7-p4"},{"introduced":"2.4.0-NA"},{"last_affected":"2.4.0-NA"},{"introduced":"2.4.0-ext\\-1"},{"last_affected":"2.4.0-ext\\-1"},{"introduced":"2.4.1-NA"},{"last_affected":"2.4.1-NA"},{"introduced":"2.4.1-ext\\-1"},{"last_affected":"2.4.1-ext\\-1"},{"introduced":"2.4.2-NA"},{"last_affected":"2.4.2-NA"},{"introduced":"2.4.2-ext\\-1"},{"last_affected":"2.4.2-ext\\-1"},{"introduced":"2.4.2-ext\\-2"},{"last_affected":"2.4.2-ext\\-2"},{"introduced":"2.4.3-NA"},{"last_affected":"2.4.3-NA"},{"introduced":"2.4.3-ext\\-1"},{"last_affected":"2.4.3-ext\\-1"},{"introduced":"2.4.3-ext\\-2"},{"last_affected":"2.4.3-ext\\-2"},{"introduced":"2.4.4-NA"},{"last_affected":"2.4.4-NA"},{"introduced":"2.4.4-p1"},{"last_affected":"2.4.4-p1"},{"introduced":"2.4.4-p2"},{"last_affected":"2.4.4-p2"},{"introduced":"2.4.4-p3"},{"last_affected":"2.4.4-p3"},{"introduced":"2.4.5-NA"},{"last_affected":"2.4.5-NA"},{"introduced":"2.4.5-p1"},{"last_affected":"2.4.5-p1"},{"introduced":"2.4.5-p2"},{"last_affected":"2.4.5-p2"},{"introduced":"2.4.6-NA"},{"last_affected":"2.4.6-NA"}],"source":"CPE_STRING","cpe":["cpe:2.3:a:adobe:commerce:2.3.7:-:*:*:*:*:*:*","cpe:2.3:a:adobe:commerce:2.3.7:p1:*:*:*:*:*:*","cpe:2.3:a:adobe:commerce:2.3.7:p2:*:*:*:*:*:*","cpe:2.3:a:adobe:commerce:2.3.7:p3:*:*:*:*:*:*","cpe:2.3:a:adobe:commerce:2.3.7:p4:*:*:*:*:*:*","cpe:2.3:a:adobe:commerce:2.4.0:-:*:*:*:*:*:*","cpe:2.3:a:adobe:commerce:2.4.0:ext-1:*:*:*:*:*:*","cpe:2.3:a:adobe:commerce:2.4.1:-:*:*:*:*:*:*","cpe:2.3:a:adobe:commerce:2.4.1:ext-1:*:*:*:*:*:*","cpe:2.3:a:adobe:commerce:2.4.2:-:*:*:*:*:*:*","cpe:2.3:a:adobe:commerce:2.4.2:ext-1:*:*:*:*:*:*","cpe:2.3:a:adobe:commerce:2.4.2:ext-2:*:*:*:*:*:*","cpe:2.3:a:adobe:commerce:2.4.3:-:*:*:*:*:*:*","cpe:2.3:a:adobe:commerce:2.4.3:ext-1:*:*:*:*:*:*","cpe:2.3:a:adobe:commerce:2.4.3:ext-2:*:*:*:*:*:*","cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:*","cpe:2.3:a:adobe:magento:2.4.4:-:*:*:open_source:*:*:*","cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:*","cpe:2.3:a:adobe:magento:2.4.4:p1:*:*:open_source:*:*:*","cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:*","cpe:2.3:a:adobe:magento:2.4.4:p2:*:*:open_source:*:*:*","cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:*","cpe:2.3:a:adobe:magento:2.4.4:p3:*:*:open_source:*:*:*","cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:*","cpe:2.3:a:adobe:magento:2.4.5:-:*:*:open_source:*:*:*","cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:*","cpe:2.3:a:adobe:magento:2.4.5:p1:*:*:open_source:*:*:*","cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:*","cpe:2.3:a:adobe:magento:2.4.5:p2:*:*:open_source:*:*:*","cpe:2.3:a:adobe:commerce:2.4.6:-:*:*:*:*:*:*","cpe:2.3:a:adobe:magento:2.4.6:-:*:*:open_source:*:*:*"]}}],"versions":["2.3.7-NA","2.3.7-p1","2.3.7-p2","2.3.7-p3","2.3.7-p4","2.4.0-NA","2.4.0-ext\\-1","2.4.1-NA","2.4.1-ext\\-1","2.4.2-NA","2.4.2-ext\\-1","2.4.2-ext\\-2","2.4.3-NA","2.4.3-ext\\-1","2.4.3-ext\\-2","2.4.4-NA","2.4.4-p1","2.4.4-p2","2.4.4-p3","2.4.5-NA","2.4.5-p1","2.4.5-p2","2.4.6-NA"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-29290.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}]}