CVE-2020-9588

CWE-2034 documents4 sources

Severity

7.2HIGH

EPSS

1.2%

top 21.21%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Magento Community-edition Magento Core Magento Magento +2 more

Timeline

PublishedJun 26

Latest updateMay 24

Description

Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have an observable timing discrepancy vulnerability. Successful exploitation could lead to signature verification bypass.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages5 packages

▶Packagistmagento/core< 1.9.4.5

▶Packagistmagento/community-edition< 2.3.4-p2

▶NVDmagento/magento2.2.0 — 2.2.11+3

▶Packagistmagento/project-community-edition2.0.2

▶CVEListV5adobe/magento2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier versions

🔴Vulnerability Details

GHSA

Magento Signature verification bypass↗2022-05-24

▶

OSV

Magento Signature verification bypass↗2022-05-24

▶

CVEList

CVE-2020-9588: Magento versions 2↗2020-06-26

▶