{"id":"CVE-2024-39410","summary":"Adobe Commerce | Cross-Site Request Forgery (CSRF) (CWE-352)","details":"Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could allow an attacker to bypass security features and perform minor integrity changes on behalf of a user. The vulnerability could be exploited by tricking a victim into clicking a link or loading a page that submits a malicious request. Exploitation of this issue does not require user interaction.","aliases":["GHSA-4323-f82v-f6jr"],"modified":"2026-05-18T05:57:52.274613654Z","published":"2024-08-14T11:57:17.152Z","database_specific":{"cna_assigner":"adobe","unresolved_ranges":[{"source":"AFFECTED_FIELD","extracted_events":[{"last_affected":"2.4.4-p9"}]}],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/39xxx/CVE-2024-39410.json","cwe_ids":["CWE-352"]},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/39xxx/CVE-2024-39410.json"},{"type":"ADVISORY","url":"https://helpx.adobe.com/security/products/magento/apsb24-61.html"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39410"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/magento/magento2","events":[{"introduced":"0"},{"last_affected":"4c36116dcf878e127059d9be9566a119783583f2"},{"last_affected":"0f9a056c8d83c4f319626b3e56ec52a533999f25"},{"last_affected":"5548bc64b5bc904346c0af9193a7fbb5274b4efa"},{"last_affected":"ef922155dbe6321862b3811e2472f2790489e685"},{"last_affected":"e18651b120784046b22e146ca1ab5d79493ed8a4"},{"last_affected":"c739d2113ebbbdceede4fa0dd6b0a0fc3e83355c"},{"last_affected":"a2ded45232876973af6e30fe312b76c0de77ebf3"},{"last_affected":"73f312a2f9bc43ee6bf436cb4e26ee20f6901322"},{"last_affected":"7aef59b58158c2c5f031a15550e590e3b499c989"},{"last_affected":"9721cc22eb32482d82e5e3d275fe3a0221d8b750"},{"last_affected":"30877fce83b793f71421c47347885cf076e81799"},{"last_affected":"1df4565907d40f14ee1c753cc2de2ce567bfa8d7"},{"last_affected":"11846a1a10539470f2fe1522030ff42d62daa562"},{"last_affected":"3e26248d2ccb4b52d75e6188bb1fc93dd691c254"},{"last_affected":"58dfc61e7b545bdeaf3c3a2dac489e8770d85656"},{"last_affected":"4d4e0e2ebf249a00c5f5aa1eaec3f24575133b62"},{"last_affected":"d6f014854784eccd39d2ecb35c4beeb82d59b309"},{"last_affected":"5bb9fe778e521cf2f3b35433c196d6ed2fd5ecb9"},{"last_affected":"eb27f55ff8d66db98e60784efa6d737b8ec94734"},{"last_affected":"a3c6d6e5e95e63031e4df26cfcf76feace7549c2"},{"last_affected":"d846142a3ab8b49597dfb8bd7508d875efdab19a"},{"last_affected":"727560d82199f6b938d1906e9d923e2dd40b490a"},{"last_affected":"37861a4025ef7f18016d3ab149e006da46821784"},{"last_affected":"6cc0d28cf66074adebc261e981eb35811601f813"},{"last_affected":"b57e30c9ae27e513da830ad1d3b20c6a94afa0e7"},{"last_affected":"a3179be22a602e83f7e1eca187d5f8a927ef392c"},{"last_affected":"c5c538810b87449886f4669cb8abbe8e5593c83c"},{"last_affected":"fcebd3a4ad2a6863af2e2092f5e548cbd81cb0f8"},{"last_affected":"d10435b11ada4e502dca7539f8fd31d059d3c482"},{"last_affected":"d196d504d8b387454a123033ec2a74d7fd3d5430"}],"database_specific":{"source":"CPE_FIELD","cpe":["cpe:2.3:a:adobe:magento:*:*:*:*:open_source:*:*:*","cpe:2.3:a:adobe:magento:2.4.4:-:*:*:open_source:*:*:*","cpe:2.3:a:adobe:magento:2.4.4:p1:*:*:open_source:*:*:*","cpe:2.3:a:adobe:magento:2.4.4:p2:*:*:open_source:*:*:*","cpe:2.3:a:adobe:magento:2.4.4:p3:*:*:open_source:*:*:*","cpe:2.3:a:adobe:magento:2.4.4:p4:*:*:open_source:*:*:*","cpe:2.3:a:adobe:magento:2.4.4:p5:*:*:open_source:*:*:*","cpe:2.3:a:adobe:magento:2.4.4:p6:*:*:open_source:*:*:*","cpe:2.3:a:adobe:magento:2.4.4:p7:*:*:open_source:*:*:*","cpe:2.3:a:adobe:magento:2.4.4:p8:*:*:open_source:*:*:*","cpe:2.3:a:adobe:magento:2.4.4:p9:*:*:open_source:*:*:*","cpe:2.3:a:adobe:magento:2.4.5:-:*:*:open_source:*:*:*","cpe:2.3:a:adobe:magento:2.4.5:p1:*:*:open_source:*:*:*","cpe:2.3:a:adobe:magento:2.4.5:p2:*:*:open_source:*:*:*","cpe:2.3:a:adobe:magento:2.4.5:p3:*:*:open_source:*:*:*","cpe:2.3:a:adobe:magento:2.4.5:p4:*:*:open_source:*:*:*","cpe:2.3:a:adobe:magento:2.4.5:p5:*:*:open_source:*:*:*","cpe:2.3:a:adobe:magento:2.4.5:p6:*:*:open_source:*:*:*","cpe:2.3:a:adobe:magento:2.4.5:p7:*:*:open_source:*:*:*","cpe:2.3:a:adobe:magento:2.4.5:p8:*:*:open_source:*:*:*","cpe:2.3:a:adobe:magento:2.4.6:-:*:*:open_source:*:*:*","cpe:2.3:a:adobe:magento:2.4.6:p1:*:*:open_source:*:*:*","cpe:2.3:a:adobe:magento:2.4.6:p2:*:*:open_source:*:*:*","cpe:2.3:a:adobe:magento:2.4.6:p3:*:*:open_source:*:*:*","cpe:2.3:a:adobe:magento:2.4.6:p4:*:*:open_source:*:*:*","cpe:2.3:a:adobe:magento:2.4.6:p5:*:*:open_source:*:*:*","cpe:2.3:a:adobe:magento:2.4.6:p6:*:*:open_source:*:*:*","cpe:2.3:a:adobe:magento:2.4.7:-:*:*:open_source:*:*:*","cpe:2.3:a:adobe:magento:2.4.7:b1:*:*:open_source:*:*:*","cpe:2.3:a:adobe:magento:2.4.7:b2:*:*:open_source:*:*:*","cpe:2.3:a:adobe:magento:2.4.7:p1:*:*:open_source:*:*:*"],"extracted_events":[{"introduced":"0"},{"last_affected":"2.4.3"},{"last_affected":"2.4.4-NA"},{"last_affected":"2.4.4-p1"},{"last_affected":"2.4.4-p2"},{"last_affected":"2.4.4-p3"},{"last_affected":"2.4.4-p4"},{"last_affected":"2.4.4-p5"},{"last_affected":"2.4.4-p6"},{"last_affected":"2.4.4-p7"},{"last_affected":"2.4.4-p8"},{"last_affected":"2.4.4-p9"},{"last_affected":"2.4.5-NA"},{"last_affected":"2.4.5-p1"},{"last_affected":"2.4.5-p2"},{"last_affected":"2.4.5-p3"},{"last_affected":"2.4.5-p4"},{"last_affected":"2.4.5-p5"},{"last_affected":"2.4.5-p6"},{"last_affected":"2.4.5-p7"},{"last_affected":"2.4.5-p8"},{"last_affected":"2.4.6-NA"},{"last_affected":"2.4.6-p1"},{"last_affected":"2.4.6-p2"},{"last_affected":"2.4.6-p3"},{"last_affected":"2.4.6-p4"},{"last_affected":"2.4.6-p5"},{"last_affected":"2.4.6-p6"},{"last_affected":"2.4.7-NA"},{"last_affected":"2.4.7-b1"},{"last_affected":"2.4.7-b2"},{"last_affected":"2.4.7-p1"}]}}],"versions":["2.4.7","2.4.7-p2","2.4.7-p1","2.4.6-p6","2.4.5-p8","2.4.4-p9","2.4.6-p5","2.4.5-p7","2.4.4-p8","2.4.6-p4","2.4.5-p6","2.4.4-p7","2.4.6-p3","2.4.5-p5","2.4.4-p6","2.4.4-p5","2.4.5-p4","2.4.6-p2","2.4.4-p4","2.4.5-p3","2.4.6-p1","2.4.6","2.4.4-p3","2.4.5-p2","2.4.5","2.4.4-p2","2.4.5-p1","2.4.4-p1","2.4.4","2.4.3","2.2.0-RC1.3","2.2.0-RC1.2","2.2.0-RC1.1","2.1.0","2.1.0-rc3","2.1.0-rc2","2.1.0-rc1","2.0.0","2.0.0-rc","0.74.0-beta1","0.42.0-beta3","0.1.0-alpha108","0.42.0-beta1","0.1.0-alpha107","0.1.0-alpha106","0.1.0-alpha105","0.1.0-alpha104","0.1.0-alpha103","0.1.0-alpha102","0.1.0-alpha101","0.1.0-alpha100","0.1.0-alpha99","0.1.0-alpha98","0.1.0-alpha97","0.1.0-alpha96","0.1.0-alpha95","0.1.0-alpha94","0.1.0-alpha93","0.1.0-alpha92","0.1.0-alpha91","0.1.0-alpha90","0.1.0-alpha89"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-39410.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"}]}