2 matches found
CVE-2020-15085
This CVE affects Saleor Storefront prior to version 2.10.3. Authentication-related data could be cached in the browser’s local storage, enabling an attacker with local access to extract email addresses and passwords. Prior to 2.10.0, the cached data could persist after logout; the issue is fixed ...
CVE-2020-15085 Client caching login operation with plaintext password in Saleor Storefront
In Saleor Storefront before version 2.10.3, request data used to authenticate customers was inadvertently cached in the browser's local storage mechanism, including credentials. A malicious user with direct access to the browser could extract the email and password. In versions prior to 2.10.0...