Vulnerability Database

289,784

Total vulnerabilities in the database

CVE-2020-24406

When in maintenance mode, Magento version 2.4.0 and 2.3.4 (and earlier) are affected by an information disclosure vulnerability that could expose the installation path during build deployments. This information could be helpful to attackers if they are able to identify other exploitable vulnerabilities in the environment.

  • Published: Nov 9, 2020
  • Updated: Apr 14, 2023
  • CVE: CVE-2020-24406
  • Severity: Low
  • Exploit:

CVSS v3:

  • Severity: Low
  • Score: 3.7
  • AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

CVSS v2:

  • Severity: Low
  • Score: 4.3
  • AV:N/AC:M/Au:N/C:P/I:N/A:N

CWEs:

OWASP TOP 10:

Software From Fixed in
magento / magento 2.4.0 2.4.0.x
magento / magento - 2.3.4.x