MEDIUM 4.3
GHSA-gvrg-62jp-rf7j
PrestaShop allows employee without any access rights to list all installed modules
Details
### Impact In BO, an employee can list all modules without any access rights: method `ajaxProcessGetPossibleHookingListForModule` doesn't check access rights
### Patches Fixed on 8.1.2
### Workarounds
### References
Are you affected?
Enter the version of the package you're using.
Affected packages
Packagist / prestashop/prestashop
Introduced in:
0 Fixed in: 8.1.2 Fix
composer require prestashop/prestashop:^8.1.2