Vulnerabilities > CVE-2020-9690 - Information Exposure Through Discrepancy vulnerability in Magento

047910
CVSS 4.2 - MEDIUM
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
HIGH
Confidentiality impact
NONE
Integrity impact
HIGH
Availability impact
NONE
local
low complexity
magento
CWE-203

Summary

Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have an observable timing discrepancy vulnerability. Successful exploitation could lead to signature verification bypass.

Vulnerable Configurations

Part Description Count
Application
Magento
189

Common Weakness Enumeration (CWE)