CVE-2020-15151: Cross-Site Request Forgery (CSRF)

August 19, 2020 (updated November 19, 2021)

OpenMage LTS before versions 19.4.6 and 20.0.2 allows attackers to circumvent the fromkey protection in the Admin Interface and increases the attack surface for Cross Site Request Forgery attacks. This issue is related to Adobe’s CVE-2020-9690. It is patched in versions 19.4.6 and 20.0.2.

References

github.com/OpenMage/magento-lts/commit/7c526bc6a6a51b57a1bab4c60f104dc36cde347a
github.com/OpenMage/magento-lts/security/advisories/GHSA-crf2-xm6x-46p6
github.com/advisories/GHSA-crf2-xm6x-46p6
helpx.adobe.com/security/products/magento/apsb20-47.html
nvd.nist.gov/vuln/detail/CVE-2020-15151

Code Behaviors & Features

Detect and mitigate CVE-2020-15151 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →