CVE-2020-7964 in Saleor
Summary
by MITRE
An issue was discovered in Mirumee Saleor 2.x before 2.9.1. Incorrect access control in the checkoutCustomerAttach mutations allows attackers to attach their checkouts to any user ID and consequently leak user data (e.g., name, address, and previous orders of any other customer).
Analysis
by VulDB Data Team • 03/26/2024
CVE-2020-7964 is a critical access control flaw in the Mirumee Saleor e-commerce platform, affecting versions 2.x prior to 2.9.1. It lies in the checkoutCustomerAttach mutation, which associates a checkout session with a user account during the checkout process. The mutation did not adequately verify that the authenticated user was permitted to attach a checkout to the specific user identifier supplied in the request, so the platform's trust in a caller-supplied identifier could be abused by malicious actors.
In practice, an attacker submits a checkoutCustomerAttach mutation carrying an arbitrary user ID. Because the request is processed without proper validation, the attacker's checkout is attached to another user's account, bypassing the intended authentication and authorization controls. The issue is classified as CWE-285 (Improper Authorization), manifesting as insufficient access control checks within a GraphQL mutation. It operates entirely at the application layer, through the platform's GraphQL API endpoints.
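The authorization decision described above, reduced to its essentials. This is an added example written for this page, not Saleor's own code: the data model, the function names and the permission name "impersonate_user" are simplified assumptions. The vulnerable form trusts whatever customer ID the caller supplies; the hardened form attaches to the requester unless the requester holds an explicit permission to act on behalf of someone else.

```python
"""Vulnerable vs. hardened handling of a caller-supplied customer ID.

Added example for this page; not Saleor's code. The data model, permission
name and function names are illustrative assumptions.
"""
from dataclasses import dataclass, field
from typing import Optional, Set


class PermissionDenied(Exception):
    """Raised when the requester may not perform the attachment."""


@dataclass
class User:
    id: int
    email: str
    # Hypothetical permission set; "impersonate_user" stands in for a staff
    # permission that legitimately allows acting on behalf of another customer.
    permissions: Set[str] = field(default_factory=set)


@dataclass
class Checkout:
    token: str
    user_id: Optional[int] = None


def attach_vulnerable(checkout: Checkout, requester: User,
                      customer_id: Optional[int]) -> Checkout:
    """Vulnerable pattern: the supplied customer_id is honored as-is.

    Any authenticated requester can bind their checkout to an arbitrary
    account, which is the CWE-285 condition the analysis describes.
    """
    checkout.user_id = customer_id if customer_id is not None else requester.id
    return checkout


def attach_hardened(checkout: Checkout, requester: User,
                    customer_id: Optional[int]) -> Checkout:
    """Hardened pattern: the requester is the target unless explicitly
    authorized to act for someone else.

    - No customer_id, or customer_id == requester.id: attach to the requester.
    - A different customer_id: require an impersonation permission, else refuse.
      The supplied ID is never silently honored.
    """
    if customer_id is None or customer_id == requester.id:
        checkout.user_id = requester.id
        return checkout
    if "impersonate_user" not in requester.permissions:
        raise PermissionDenied(
            f"user {requester.id} may not attach a checkout to user {customer_id}"
        )
    checkout.user_id = customer_id
    return checkout


if __name__ == "__main__":
    # Constructed sample users and IDs.
    alice = User(id=1, email="alice@example.test")
    staff = User(id=99, email="staff@example.test",
                 permissions={"impersonate_user"})
    other_customer_id = 2

    # Vulnerable path: alice's checkout ends up bound to user 2.
    print(attach_vulnerable(Checkout("tok-1"), alice, other_customer_id).user_id)

    # Hardened path: the same request is refused for alice...
    try:
        attach_hardened(Checkout("tok-2"), alice, other_customer_id)
    except PermissionDenied as exc:
        print("refused:", exc)
    # ...still works for staff holding the permission, and alice can attach
    # a checkout to her own account.
    print(attach_hardened(Checkout("tok-3"), staff, other_customer_id).user_id)
    print(attach_hardened(Checkout("tok-4"), alice, None).user_id)
```

The design point is that the target of the attachment is derived from the authenticated session by default, and the caller-supplied identifier is only consulted once a separate, explicit privilege has been checked.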
The impact goes beyond simple data exposure and creates significant risk for both platform operators and their customers. By attaching a checkout to another customer's account, an attacker can read that customer's personal name, shipping addresses and complete order history. This is a severe privacy violation and a breach of customer trust, and it exposes affected users to identity theft, targeted phishing and other fraud. In CIA terms the vulnerability affects confidentiality: it enables unauthorized data disclosure. It can also serve as a reconnaissance tool for gathering intelligence about the customer base and business operations.
Organizations running affected versions of Saleor should mitigate immediately. The primary fix is to update to Saleor 2.9.1 or later, which adds proper access control validation to the checkoutCustomerAttach mutation. Security teams should also log and monitor GraphQL mutation operations to detect anomalous patterns in checkout attachments. Network-level controls such as API rate limiting and request validation add defense in depth. From a threat modeling perspective, this vulnerability aligns with ATT&CK technique T1078.004 (Valid Accounts) and T1566.001 (Phishing), since it lets attackers use legitimate user accounts for unauthorized data access. Organizations should also review their GraphQL schema permissions and implement proper input validation to prevent similar issues in other mutation endpoints. The case demonstrates the importance of comprehensive authorization testing, particularly for mutations that modify user session data and cross-user relationships within e-commerce platforms.
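The monitoring recommended above, as an added example that is not part of the original analysis or of Saleor: a small detector run over constructed log lines. The log format (one JSON object per line with the fields used below) is an assumption about what a GraphQL middleware might emit; adapt the field names to your own logging. Object IDs follow the Relay convention of base64-encoded "Type:pk" strings that Saleor's GraphQL API uses, so the detector decodes customerId and compares it with the authenticated user.

```python
"""Detect checkoutCustomerAttach calls that bind a checkout to another account.

Added example for this page; not Saleor's logging or code. The log schema is
an assumption; the sample lines below are constructed.
"""
import base64
import json
from collections import defaultdict
from typing import Dict, List, Tuple

# Constructed sample log: user_id is the authenticated requester, args.customerId
# is the ID supplied in the mutation, is_staff comes from the session. Line 3 is
# a staff user acting on a customer's behalf; lines 2, 4 and 5 show a non-staff
# user attaching checkouts to three other accounts.
SAMPLE_LOG = """\
{"ts":"2020-02-10T10:00:01Z","user_id":7,"is_staff":false,"operation":"checkoutCustomerAttach","args":{"checkoutId":"Q2hlY2tvdXQ6MQ==","customerId":"VXNlcjo3"}}
{"ts":"2020-02-10T10:00:05Z","user_id":7,"is_staff":false,"operation":"checkoutCustomerAttach","args":{"checkoutId":"Q2hlY2tvdXQ6Mg==","customerId":"VXNlcjo4"}}
{"ts":"2020-02-10T10:00:09Z","user_id":3,"is_staff":true,"operation":"checkoutCustomerAttach","args":{"checkoutId":"Q2hlY2tvdXQ6Mw==","customerId":"VXNlcjo5"}}
{"ts":"2020-02-10T10:00:12Z","user_id":7,"is_staff":false,"operation":"checkoutCustomerAttach","args":{"checkoutId":"Q2hlY2tvdXQ6NA==","customerId":"VXNlcjo5"}}
{"ts":"2020-02-10T10:00:15Z","user_id":7,"is_staff":false,"operation":"checkoutCustomerAttach","args":{"checkoutId":"Q2hlY2tvdXQ6NQ==","customerId":"VXNlcjoxMA=="}}
{"ts":"2020-02-10T10:00:20Z","user_id":8,"is_staff":false,"operation":"productList","args":{}}
"""


def decode_global_id(global_id: str) -> Tuple[str, int]:
    """Decode a Relay-style global ID (base64 of "Type:pk") into (type, pk).

    Assumes an integer primary key, which is what the sample data uses.
    """
    raw = base64.b64decode(global_id).decode("utf-8")
    type_name, _, pk = raw.partition(":")
    return type_name, int(pk)


def find_cross_account_attachments(log_text: str) -> List[Dict]:
    """One finding per checkoutCustomerAttach whose customerId resolves to a
    user other than the authenticated requester. Staff sessions are skipped
    here because acting for a customer is an expected staff workflow; review
    those through a separate, lower-priority rule."""
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        event = json.loads(line)
        if event.get("operation") != "checkoutCustomerAttach":
            continue
        customer_gid = event.get("args", {}).get("customerId")
        if customer_gid is None:
            continue  # no explicit target: attaching to oneself
        type_name, target_pk = decode_global_id(customer_gid)
        if type_name != "User" or target_pk == event["user_id"]:
            continue
        if event.get("is_staff"):
            continue
        findings.append({"ts": event["ts"], "requester": event["user_id"],
                         "target": target_pk})
    return findings


def requesters_with_many_targets(findings: List[Dict],
                                 threshold: int = 2) -> Dict[int, int]:
    """Requesters that touched at least `threshold` distinct other accounts:
    the pattern behind the data-harvesting impact the analysis describes."""
    targets = defaultdict(set)
    for finding in findings:
        targets[finding["requester"]].add(finding["target"])
    return {r: len(t) for r, t in targets.items() if len(t) >= threshold}


if __name__ == "__main__":
    hits = find_cross_account_attachments(SAMPLE_LOG)
    for hit in hits:
        print(f"{hit['ts']} user {hit['requester']} attached a checkout to user {hit['target']}")
    print("repeat offenders:", requesters_with_many_targets(hits))
```

On a patched deployment any non-staff hit is itself a high-signal event, since the server should have rejected it; on an unpatched one the per-requester aggregation separates a single mistaken request from systematic harvesting.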