CVE-2020-15080
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
In PrestaShop from version 1.7.4.0 and before version 1.7.6.6, some files should not be in the release archive, and others should not be accessible. The problem is fixed in version 1.7.6.6 A possible workaround is to make sure composer.json and docker-compose.yml are not accessible on your server.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| PrestaShop | PrestaShop | >= 1.7.4.0, <1.7.6.6 | affected |
Weaknesses
- CWE-200: {"CWE-200":"Exposure of Sensitive Information to an Unauthorized Actor"}
ADP Enrichment
CVE Program Container
Additional References
- https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-492w-2pp5-xhvg
- https://github.com/PrestaShop/PrestaShop/commit/35ef7e9d892287c302df1fc5aa05ecfc6f15bc76
References
- https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-492w-2pp5-xhvg
- https://github.com/PrestaShop/PrestaShop/commit/35ef7e9d892287c302df1fc5aa05ecfc6f15bc76
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.