CVE-2020-15151

Опубликовано: 20 авг. 2020

Источник: nvd

CVSS3: 8

CVSS2: 4

EPSS Низкий

Описание

OpenMage LTS before versions 19.4.6 and 20.0.2 allows attackers to circumvent the fromkey protection in the Admin Interface and increases the attack surface for Cross Site Request Forgery attacks. This issue is related to Adobe's CVE-2020-9690. It is patched in versions 19.4.6 and 20.0.2.

Ссылки

https://github.com/OpenMage/magento-lts/commit/7c526bc6a6a51b57a1bab4c60f104dc36cde347a
Patch
Third Party Advisory
https://github.com/OpenMage/magento-lts/security/advisories/GHSA-crf2-xm6x-46p6
Third Party Advisory
https://helpx.adobe.com/security/products/magento/apsb20-47.html
Release Notes
Vendor Advisory
https://github.com/OpenMage/magento-lts/commit/7c526bc6a6a51b57a1bab4c60f104dc36cde347a
Patch
Third Party Advisory
https://github.com/OpenMage/magento-lts/security/advisories/GHSA-crf2-xm6x-46p6
Third Party Advisory
https://helpx.adobe.com/security/products/magento/apsb20-47.html
Release Notes
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:openmage:openmage_long_term_support:*:*:*:*:*:*:*:*

Версия до 19.4.6 (исключая)

cpe:2.3:a:openmage:openmage_long_term_support:*:*:*:*:*:*:*:*

Версия от 20.0.0 (включая) до 20.0.2 (исключая)

Конфигурация 2

Одно из

cpe:2.3:a:magento:magento:*:*:*:*:commerce:*:*:*

Версия до 2.3.5 (включая)

cpe:2.3:a:magento:magento:*:*:*:*:open_source:*:*:*

Версия до 2.3.5 (включая)

EPSS

Процентиль: 25%

0.00088

Низкий

8 High

CVSS3

4 Medium

CVSS2

Дефекты

CWE-203

CWE-352

Связанные уязвимости

GHSA-crf2-xm6x-46p6