CVE-2020-15151
8
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N
Summary
OpenMage LTS before versions 19.4.6 and 20.0.2 allows attackers to circumvent the fromkey protection in the Admin Interface and increases the attack surface for Cross Site Request Forgery attacks. This issue is related to Adobe's CVE-2020-9690. It is patched in versions 19.4.6 and 20.0.2.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| OpenMage | magento-lts | < 19.4.6" | affected |
| OpenMage | magento-lts | >= 20.0.0, < 20.0.2 | affected |
Weaknesses
- CWE-203: {"CWE-203":"Observable Discrepancy"}
ADP Enrichment
CVE Program Container
Additional References
- https://github.com/OpenMage/magento-lts/security/advisories/GHSA-crf2-xm6x-46p6
- https://helpx.adobe.com/security/products/magento/apsb20-47.html
- https://github.com/OpenMage/magento-lts/commit/7c526bc6a6a51b57a1bab4c60f104dc36cde347a
References
- https://github.com/OpenMage/magento-lts/security/advisories/GHSA-crf2-xm6x-46p6
- https://helpx.adobe.com/security/products/magento/apsb20-47.html
- https://github.com/OpenMage/magento-lts/commit/7c526bc6a6a51b57a1bab4c60f104dc36cde347a
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.