CVE-2020-15080

EPSS 0.21%
Veröffentlicht 02.07.2020 17:15:12
Zuletzt bearbeitet 21.11.2024 05:04:46
Quelle security-advisories@github.com
Teams Watchlist Login
Unerledigt Login

In PrestaShop from version 1.7.4.0 and before version 1.7.6.6, some files should not be in the release archive, and others should not be accessible. The problem is fixed in version 1.7.6.6 A possible workaround is to make sure `composer.json` and `docker-compose.yml` are not accessible on your server.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 2 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Prestashop ≫ Prestashop Version > 1.7.4.0 < 1.7.6.6

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.21%	0.397

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N
security-advisories@github.com	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

CWE-862 Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

https://github.com/PrestaShop/PrestaShop/commit/35ef7e9d892287c302df1fc5aa05ecfc6f15bc76

Patch

Third Party Advisory

https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-492w-2pp5-xhvg

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-15080

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-15080

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-15080

EUVD