Description
Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have an observable timing discrepancy vulnerability. Successful exploitation could lead to signature verification bypass.
Remediation
References