CVE-2020-15269
Description
In Spree before versions 3.7.11, 4.0.4, or 4.1.11, expired user tokens could be used to access Storefront API v2 endpoints. The issue is patched in versions 3.7.11, 4.0.4 and 4.1.11. A workaround without upgrading is described in the linked advisory.
Risk Information
Base Score
9.1
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS Score
Exploitation Probability
0.257
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| CVE-2020-15269 is fixed in Ruby-spree 3.7.11 | Windows |
| CVE-2020-15269 is fixed in Ruby-spree 4.0.4 | Windows |
| CVE-2020-15269 is fixed in Ruby-spree 4.1.11 | Windows |
| CVE-2020-15269 is fixed in Ruby-spree for Linux 3.7.11 | Linux |
| CVE-2020-15269 is fixed in Ruby-spree for Linux 4.0.4 | Linux |
| CVE-2020-15269 is fixed in Ruby-spree for Linux 4.1.11 | Linux |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234