CVE-2020-9690
published 2020-07-29CVE-2020-9690: Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have an observable timing discrepancy vulnerability. Successful exploitation could lead to…
medium4.2CVSS 3.1
AVLACLPRHUIRSUCNIHAN
Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have an observable timing discrepancy vulnerability. Successful exploitation could lead to signature verification bypass.
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| adobe | magento | — | — |
| magento | community-edition | >= 0 < 2.3.5-p2 | 2.3.5-p2 |
| magento | magento | < 2.3.5 | 2.3.5 |
| magento | magento | <= 2.3.5 | — |
| magento | magento | — | — |
| openmage | magento-lts | < 19.4.6" | 19.4.6" |
| openmage | magento-lts | — | — |
| openmage | magento-lts | >= 0 < 19.4.6 | 19.4.6 |
| openmage | magento-lts | >= 20.0.0 < 20.0.2 | 20.0.2 |
| openmage | openmage_long_term_support | < 19.4.6 | 19.4.6 |
| openmage | openmage_long_term_support | >= 20.0.0 < 20.0.2 | 20.0.2 |
CVSS provenance
nvdv3.18.0HIGHCVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N
ghsa4.2MEDIUM
osv4.2MEDIUM