What the vulnerability does
01Description
Unauthenticated Bypass Vulnerability in Stripe Payments <= 2.0.98 versions.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
What the vulnerability does
Unauthenticated Bypass Vulnerability in Stripe Payments <= 2.0.98 versions.
Explanation of Vulnerability in Simple Terms
Stripe Payments version 2.0.98 and earlier contains a flaw allowing attackers to read sensitive payment data and modify transaction records. The vulnerability requires no authentication or user interaction and can be exploited over the network. Site administrators should update to a version newer than 2.0.98 immediately.
What an attacker can do
Read payment data and modify transaction records without authentication.
Potential impact on your site
Customer payment information and transaction history could be exposed or altered by remote attackers.
Conditions required to exploit
Network access only; no authentication or user interaction required.
Key dates
External resources