CVE-2020-15151

OpenMage LTS before versions 19.4.6 and 20.0.2 allows attackers to circumvent the fromkey protection in the Admin Interface and increases the attack surface for Cross Site Request Forgery attacks. This issue is related to Adobe's CVE-2020-9690. It is patched in versions 19.4.6 and 20.0.2.

Published: Aug 20, 2020
Updated: May 9, 2024
CVE: CVE-2020-15151
GHSA: GHSA-crf2-xm6x-46p6
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8
AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N

CVSS v2:

Severity: Low
Score: 4
AV:N/AC:H/Au:N/C:P/I:P/A:N

CWEs:

CWE-203
CWE-352

Affected Software
References

Software	From	Fixed in
openmage / openmage_long_term_support	20.0.0	20.0.2
openmage / openmage_long_term_support	-	19.4.6
magento / magento	-	2.3.5.x
openmage / magento-lts	-	19.4.6
openmage / magento-lts	20.0.0	20.0.2

https://github.com/OpenMage/magento-lts/commit/7c526bc6a6a51b57a1bab4c60f104dc36cde347a
https://github.com/OpenMage/magento-lts/security/advisories/GHSA-crf2-xm6x-46p6
https://helpx.adobe.com/security/products/magento/apsb20-47.html

Vulnerability Database

289,782

CVE-2020-15151