PrestaShop CVE-2020-15079 vulnerability
Core
Score
6.4 MediumDate publish
02-07-2020Versiones afectadas
- Less than 1.7.6.6
Description
In PrestaShop from version 1.5.0.0 and before version 1.7.6.6, there is improper access control in Carrier page, Module Manager and Module Positions. The problem is fixed in version 1.7.6.6References
Metrics
| cvssMetricV31 | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| source | security-advisories@github.com | nvd@nist.gov | |||||||||
| type | Secondary | Primary | |||||||||
| version | 3.1 | 3.1 | |||||||||
| vectorString | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N | |||||||||
| baseScore | 6.4 | 5.4 | |||||||||
| baseSeverity | MEDIUM | MEDIUM | |||||||||
| attackVector | NETWORK | NETWORK | |||||||||
| attackComplexity | LOW | LOW | |||||||||
| privilegesRequired | LOW | LOW | |||||||||
| userInteraction | NONE | NONE | |||||||||
| scope | CHANGED | UNCHANGED | |||||||||
| confidentialityImpact | LOW | LOW | |||||||||
| integrityImpact | LOW | LOW | |||||||||
| availabilityImpact | NONE | NONE | |||||||||
| exploitabilityScore | 3.1 | 2.8 | |||||||||
| impactScore | 2.7 | 2.5 | |||||||||
| cvssMetricV2 | |||||||||||
| source | nvd@nist.gov | ||||||||||
| type | Primary | ||||||||||
| version | 2.0 | ||||||||||
| vectorString | AV:N/AC:L/Au:S/C:P/I:P/A:N | ||||||||||
| baseScore | 5.5 | ||||||||||
| accessVector | NETWORK | ||||||||||
| accessComplexity | LOW | ||||||||||
| authentication | SINGLE | ||||||||||
| confidentialityImpact | PARTIAL | ||||||||||
| integrityImpact | PARTIAL | ||||||||||
| availabilityImpact | NONE | ||||||||||
| baseSeverity | MEDIUM | ||||||||||
| exploitabilityScore | 8 | ||||||||||
| impactScore | 4.9 | ||||||||||
| acInsufInfo | False | ||||||||||
| obtainAllPrivilege | False | ||||||||||
| obtainUserPrivilege | False | ||||||||||
| obtainOtherPrivilege | False | ||||||||||
| userInteractionRequired | False | ||||||||||