CVE-2024-6506

{"id": "CVE-2024-6506", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "cve-coordination@incibe.es", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 4.2, "exploitabilityScore": 3.9}]}, "published": "2024-07-04T13:15:10.240", "references": [{"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/information-exposure-vulnerability-mrw-plug", "source": "cve-coordination@incibe.es"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "cve-coordination@incibe.es", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "Information exposure vulnerability in the MRW plugin, in its\u00a05.4.3 version,\u00a0affecting the \"mrw_log\" functionality. This vulnerability could allow a remote attacker to obtain other customers' order information and access sensitive information such as name and phone number. This vulnerability also allows an attacker to create or overwrite shipping labels."}, {"lang": "es", "value": "Vulnerabilidad de exposici\u00f3n de informaci\u00f3n en el plugin MRW, en su versi\u00f3n 5.4.3, afectando a la funcionalidad \"mrw_log\". Esta vulnerabilidad podr\u00eda permitir que un atacante remoto obtenga informaci\u00f3n de pedidos de otros clientes y acceda a informaci\u00f3n confidencial como nombre y n\u00famero de tel\u00e9fono. Esta vulnerabilidad tambi\u00e9n permite a un atacante crear o sobrescribir etiquetas de env\u00edo."}], "lastModified": "2024-07-05T12:55:51.367", "sourceIdentifier": "cve-coordination@incibe.es"}