CVE-2023-38218 (commerce, magento)

Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an improper input validation vulnerability. An authenticated attacker can trigger an insecure direct object reference in the `V1/customers/me` endpoint to achieve information exposure and privilege escalation.

adobe adobe commerce attacker commerce customers cve endpoint escalation exposure information input input validation insecure insecure direct object reference magento object privilege privilege escalation reference trigger validation vulnerability