CVE Vulnerability

CVE-2020-15080

In PrestaShop from version 1.7.4.0 and before version 1.7.6.6, some files should not be in the release archive, and others should not be accessible. The problem is fixed in version 1.7.6.6 A possible workaround is to make sure `composer.json` and `docker-compose.yml` are not accessible on your server.

5 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 10 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

Scope

5.3 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://github.com/PrestaShop/PrestaShop/commit/35ef7e9d892287c302df1fc5aa05ecfc6f15bc76 Patch Third Party Advisory
https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-492w-2pp5-xhvg Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:prestashop:prestashop:*:*:*:*:*:*:*:*
Information

Published : 2020-07-02 05:15

Updated : 2021-11-18 06:05

NVD link : CVE-2020-15080

Mitre link : CVE-2020-15080

Products Affected
No products.
CWE
CWE-862