Description
Magento versions 2.3.5-p1 and earlier have an observable timing discrepancy vulnerability. Successful exploitation could lead to signature verification bypass.
Remediation
References