CVE-2020-15080

Опубликовано: 02 июл. 2020

Источник: nvd

CVSS3: 5.3

CVSS2: 5

EPSS Низкий

Описание

In PrestaShop from version 1.7.4.0 and before version 1.7.6.6, some files should not be in the release archive, and others should not be accessible. The problem is fixed in version 1.7.6.6 A possible workaround is to make sure composer.json and docker-compose.yml are not accessible on your server.

Ссылки

https://github.com/PrestaShop/PrestaShop/commit/35ef7e9d892287c302df1fc5aa05ecfc6f15bc76
Patch
Third Party Advisory
https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-492w-2pp5-xhvg
Third Party Advisory
https://github.com/PrestaShop/PrestaShop/commit/35ef7e9d892287c302df1fc5aa05ecfc6f15bc76
Patch
Third Party Advisory
https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-492w-2pp5-xhvg
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:prestashop:prestashop:*:*:*:*:*:*:*:*

Версия от 1.7.4.0 (исключая) до 1.7.6.6 (исключая)

EPSS

Процентиль: 43%

0.00206

Низкий

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

CWE-200

CWE-862