[CVE-2024-25844] Exposure of Private Personal Information to an Unauthorized Actor in Common-Services – So Flexibilite module for PrestaShop

PrestaShop Security Advisory

In the module “So Flexibilite” (soflexibilite) up to version 4.1.14 from Common-Services for PrestaShop, a guest can steal the login / password used to access the web portal https://www.colissimo.entreprise.laposte.fr/ and download all customer data such as name / surname / postal address / phone.


  • CVE ID: CVE-2024-25844
  • Published at: 2024-02-29
  • Platform: PrestaShop
  • Product: soflexibilite
  • Impacted release: <= 4.1.14 (4.1.26 fixed the vulnerability)
  • Product author: Common-Services
  • Weakness: CWE-359
  • Severity: medium (7.5), GDPR violation


Due to a lack of permission control, a guest can access the module's debug file (which has no extension, so the payload will bypass most WAFs). This file leaks the login / password of the web portal https://www.colissimo.entreprise.laposte.fr/, which then allows exporting the data of all customers who used this carrier.

Note: there is no version between 4.1.14 and 4.1.26.

CVSS base metrics

  • Attack vector: network
  • Attack complexity: low
  • Privilege required: none
  • User interaction: none
  • Scope: unchanged
  • Confidentiality: high
  • Integrity: none
  • Availability: none

Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Possible malicious usage

  • Steal personal data

Other recommendations

  • It’s recommended to upgrade to the latest version of the module soflexibilite.
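
To check whether the extensionless debug file described above was already fetched, the web server access log can be searched for served files without an extension inside the module directory. The script below is an added example, not code from the advisory or the module; it assumes Combined Log Format and PrestaShop's standard `/modules/soflexibilite/` path, and the sample lines and `PLACEHOLDER_*` names are constructed.

```python
import re
from urllib.parse import unquote

# Assumption: the module sits under PrestaShop's standard /modules/<name>/ path.
MODULE_PREFIX = "/modules/soflexibilite/"

# Combined Log Format: ip ident user [time] "METHOD target PROTO" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)

def is_extensionless_module_file(target):
    """True if the request path names a file without extension inside the module."""
    path = unquote(target.split("?", 1)[0])      # drop query string, decode %xx
    path = re.sub(r"/+", "/", path).lower()      # collapse // and ignore case
    if not path.startswith(MODULE_PREFIX):
        return False
    leaf = path.rsplit("/", 1)[-1]
    return leaf != "" and "." not in leaf

def find_suspect_hits(lines):
    """Return (time, ip, target, size) for served extensionless module files."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        size = 0 if m["size"] == "-" else int(m["size"])
        # Only responses that delivered a body matter; a bare directory name
        # answers with a redirect and a blocked file with 403/404.
        if m["status"] in ("200", "206") and size > 0 \
                and is_extensionless_module_file(m["target"]):
            hits.append((m["time"], m["ip"], m["target"], size))
    return hits

# Constructed sample lines; PLACEHOLDER_* is not the real file name or location.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Aug/2023:10:00:01 +0200] "GET /modules/soflexibilite/logo.png HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.23 - - [10/Aug/2023:10:02:13 +0200] "GET /modules/soflexibilite/PLACEHOLDER_DIR/PLACEHOLDER_FILE HTTP/1.1" 200 842 "-" "curl/8.0"',
    '198.51.100.23 - - [10/Aug/2023:10:02:14 +0200] "GET /modules/soflexibilite/views HTTP/1.1" 301 0 "-" "curl/8.0"',
    '203.0.113.9 - - [10/Aug/2023:10:05:40 +0200] "GET /modules/soflexibilite//PLACEHOLDER_FILE?x=1 HTTP/1.1" 200 842 "-" "Mozilla/5.0"',
    '203.0.113.50 - - [11/Aug/2023:08:00:00 +0200] "GET /modules/soflexibilite/PLACEHOLDER_FILE HTTP/1.1" 403 199 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in find_suspect_hits(SAMPLE_LOG):
        print(*hit, sep="  ")
```

Any hit on a shop that ran an impacted release is a reason to rotate the Colissimo portal credentials, since the file content must be treated as disclosed.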


2023-08-09: Issue discovered during a code review by TouchWeb.fr
2023-08-09: Contact PrestaShop Addons security Team to confirm version scope by author
2023-09-14: Author provides a patch
2024-01-24: PrestaShop Addons security Team confirms version scope by author
2024-02-22: Received CVE ID
2024-02-29: Publish this security advisory

TouchWeb thanks Bryan Bouchut for his help with the impact analysis on the web platform https://www.colissimo.entreprise.laposte.fr/

