Description
Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have an observable timing discrepancy vulnerability. Successful exploitation could lead to signature verification bypass.
Analysis
No analysis available yet.
Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).
| Vendor | Product | Default status | Versions | ||||||
|---|---|---|---|---|---|---|---|---|---|
| Adobe | Magento | affected |
|
Configuration 1 [-]
|
No data.
No data available yet.
Remediation
No remediation available yet.
Tracking
Sign in to view the affected projects.
Advisories
| Source | ID | Title |
|---|---|---|
 EUVD |
EUVD-2022-5786 | Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have an observable timing discrepancy vulnerability. Successful exploitation could lead to signature verification bypass. |
 Github GHSA |
GHSA-xgp9-j48h-jjf9 | Magento observable timing discrepancy vulnerability |
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: adobe
Published:
Updated: 2024-08-04T10:34:39.927Z
Reserved: 2020-03-02T00:00:00.000Z
Link: CVE-2020-9690
Vulnrichment
No data.
NVD
Status : Modified
Published: 2020-07-29T13:15:10.540
Modified: 2024-11-21T05:41:06.403
Link: CVE-2020-9690
Redhat
No data.
OpenCVE Enrichment
No data.
Weaknesses