3 matches found
Cross-site Request Forgery (CSRF)
openmage/magento-lts is vulnerable to cross-site request forgery. The vulnerability exists because of lack of formkey protection in the function validateSecretKey of Admin Interface, allowing an attacker to easily observe timing discrepancy in OpenMage LTS...
GHSA-CRF2-XM6X-46P6 Observable Timing Discrepancy in OpenMage LTS
Impact This vulnerability allows to circumvent the formkey protection in the Admin Interface and increases the attack surface for Cross Site Request Forgery attacks Patches The latest OpenMage Versions up from 19.4.6 and 20.0.2 have this Issue solved References Related to Adobes CVE-2020-9690...
Observable Timing Discrepancy in OpenMage LTS
Impact This vulnerability allows to circumvent the formkey protection in the Admin Interface and increases the attack surface for Cross Site Request Forgery attacks Patches The latest OpenMage Versions up from 19.4.6 and 20.0.2 have this Issue solved References Related to Adobes CVE-2020-9690...