CVE-2020-24406 magento/community-edition

Package

Manager: composer
Name: magento/community-edition
Vulnerable Version: >=0 <2.3.6 || =2.4.0 || >=2.4.0 <2.4.1

Severity

Level: Low

CVSS v3.1: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.0016 (percentile 0.37403)

Details

Magento information disclosure vulnerability

When in maintenance mode, Magento versions 2.4.0 and 2.3.4 (and earlier) are affected by an information disclosure vulnerability that could expose the installation path during build deployments. This information could be helpful to attackers if they are able to identify other exploitable vulnerabilities in the environment.

Metadata

Created: 2022-05-24T17:33:56Z
Modified: 2024-01-11T17:40:12Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-mr8q-7f5j-wc79/GHSA-mr8q-7f5j-wc79.json
CWE IDs: ["CWE-200"]
Alternative ID: GHSA-mr8q-7f5j-wc79
Finding: F038
Auto approve: 1