CVE-2020-15151

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2020-15151
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-15151.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2020-15151
Aliases
Related
Published
2020-08-20T01:17:12.507Z
Modified
2026-04-10T04:29:43.548141Z
Severity
  • 8.0 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N CVSS Calculator
Summary
[none]
Details

OpenMage LTS before versions 19.4.6 and 20.0.2 allows attackers to circumvent the fromkey protection in the Admin Interface and increases the attack surface for Cross Site Request Forgery attacks. This issue is related to Adobe's CVE-2020-9690. It is patched in versions 19.4.6 and 20.0.2.

References

Affected packages

Git / github.com/OpenMage/magento-lts

Affected ranges

Type
GIT
Repo
https://github.com/OpenMage/magento-lts
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
f77f7ee16d7613b956775c014cf9d6c729e44578
Introduced
16c8e84ddaf5d54eef1e025a241bdd5f9a60bd6f
Fixed
e878064ce20a0cdb2049598d2d362b48d6b6e866
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "19.4.6"
        },
        {
            "introduced": "20.0.0"
        },
        {
            "fixed": "20.0.2"
        }
    ]
}
Type
GIT
Repo
https://github.com/magento/devdocs
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
b69fab3da87a1536e1a583e51c8115e3f843609b
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
b69fab3da87a1536e1a583e51c8115e3f843609b
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.3.5"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.3.5"
        }
    ]
}
Type
GIT
Repo
https://github.com/openmage/magento-lts
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
7c526bc6a6a51b57a1bab4c60f104dc36cde347a

Affected versions

1.*
1.1.1
1.1.2
1.1.3
1.1.4
1.1.5
1.1.6
1.1.7
1.1.8
1.2.0
1.2.0.1
1.2.0.2
1.2.0.3
1.2.1
1.2.1.2
1.3.0
1.3.1
1.3.1.1
1.3.2
1.3.2.1
1.3.2.2
1.3.2.3
1.3.2.4
1.4.0.0
1.4.0.0-alpha1
1.4.0.0-alpha2
1.4.0.0-alpha3
1.4.0.0-beta1
1.4.0.0-rc1
1.4.0.1
1.4.1.0
1.4.1.1
1.4.2.0
1.5.0.0
1.5.0.0-alpha1
1.5.0.0-alpha2
1.5.0.0-beta1
1.5.0.0-beta2
1.5.0.0-rc1
1.5.0.0-rc2
1.5.0.1
1.5.1.0
1.6.0.0
1.6.0.0-alpha1
1.6.0.0-beta1
1.6.0.0-rc1
1.6.0.0-rc2
1.6.1.0
1.7.0.0
1.7.0.1
1.7.0.2
1.8.1.0
1.9.0.0
1.9.0.1
1.9.1.0-lts
1.9.1.1
2.*
2.0.8
2.1.14
2.1.15
2.1.16
2.1.17
2.1.18
2.2.11
2.2.5
2.2.6
2.2.7
2.2.8
2.2.9
2.3.0
2.3.1
2.3.2
2.3.3-p1
2.3.4
2.3.5
v19.*
v19.4.0
v19.4.1
v19.4.2
v19.4.3
v19.4.4
v19.4.5
v20.*
v20.0.0
v20.0.1

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-15151.json"