CVE-2020-15085

In Saleor Storefront before version 2.10.3, request data used to authenticate customers was inadvertently cached in the browser's local storage mechanism, including credentials. A malicious user with direct access to the browser could extract the email and password. In versions prior to 2.10.0 persisted the cache even after the user logged out. This is fixed in version 2.10.3. A workaround is to manually clear application data (browser's local storage) after logging into Saleor Storefront.

CVSS v3 6.1 MEDIUM
CVSS v2.0 2.1 LOW

6.1^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 4.2

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

2.1^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://github.com/mirumee/saleor-storefront/blob/master/CHANGELOG.md#2103	Release Notes Third Party Advisory
https://github.com/mirumee/saleor-storefront/commit/7c331e1be805022c9a7be719bd69d050b2577458	Patch Third Party Advisory
https://github.com/mirumee/saleor-storefront/security/advisories/GHSA-4279-h39w-2jqm	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:mirumee:saleor:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2020-06-30 17:15

Updated : 2024-02-04 21:00

NVD link : CVE-2020-15085

Mitre link : CVE-2020-15085

CVE.ORG link : CVE-2020-15085

JSON object : View

Products Affected

mirumee

saleor

CWE

CWE-312

Cleartext Storage of Sensitive Information

{"id": "CVE-2020-15085", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 4.2, "exploitabilityScore": 1.8}, {"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 4.7, "exploitabilityScore": 1.6}]}, "published": "2020-06-30T17:15:10.797", "references": [{"url": "https://github.com/mirumee/saleor-storefront/blob/master/CHANGELOG.md#2103", "tags": ["Release Notes", "Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/mirumee/saleor-storefront/commit/7c331e1be805022c9a7be719bd69d050b2577458", "tags": ["Patch", "Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/mirumee/saleor-storefront/security/advisories/GHSA-4279-h39w-2jqm", "tags": ["Third Party Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-312"}]}], "descriptions": [{"lang": "en", "value": "In Saleor Storefront before version 2.10.3, request data used to authenticate customers was inadvertently cached in the browser's local storage mechanism, including credentials. A malicious user with direct access to the browser could extract the email and password. In versions prior to 2.10.0 persisted the cache even after the user logged out. This is fixed in version 2.10.3. A workaround is to manually clear application data (browser's local storage) after logging into Saleor Storefront."}, {"lang": "es", "value": "En Saleor Storefront versiones anteriores a 2.10.3, los datos de petici\u00f3n usados para autenticar a los clientes se almacenaron en memoria cach\u00e9 inadvertidamente en el mecanismo de almacenamiento local del navegador, incluyendo las credenciales. Un usuario malicioso con acceso directo al navegador podr\u00eda extraer el correo electr\u00f3nico y la contrase\u00f1a. En versiones anteriores a 2.10.0, la memoria cach\u00e9 persist\u00eda incluso despu\u00e9s de que el usuario cerraba la sesi\u00f3n. Esto es corregido en la versi\u00f3n 2.10.3. Una soluci\u00f3n alternativa es borrar manualmente los datos de la aplicaci\u00f3n (almacenamiento local del navegador) despu\u00e9s de iniciar sesi\u00f3n en Saleor Storefront"}], "lastModified": "2020-07-28T15:45:59.960", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mirumee:saleor:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7D75FAC4-CD4C-4C99-A9AB-A51A2BD52992", "versionEndExcluding": "2.10.3"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}