Description
When in maintenance mode, Magento versions 2.4.0 and 2.3.4 (and earlier) are affected by an information disclosure vulnerability that could expose the installation path during build deployments. This information could be helpful to attackers if they are able to identify other exploitable vulnerabilities in the environment.
Remediation
References