
====================================================================

                             CERT-Renater

                 Information Note No. 2020/VULN577
_____________________________________________________________________

DATE                : 16/10/2020

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Magento Open Source, Magento
                     Commerce versions prior to 2.3.5-p1, 2.4.0.

=====================================================================
https://helpx.adobe.com/security/products/magento/apsb20-59.html
_____________________________________________________________________

Security Updates Available for Magento | APSB20-59
Bulletin ID     Date Published          Priority
APSB20-59       October 15th, 2020      2


Summary

Magento has released updates for Magento Commerce and Magento Open
Source. These updates resolve vulnerabilities rated important and
critical. Successful exploitation could lead to arbitrary code
execution.


Affected Versions

Product               Version                            Platform
Magento Commerce     2.3.5-p1 and earlier versions       All
Magento Commerce     2.4.0 and earlier versions          All
Magento Open Source  2.3.5-p1 and earlier versions       All
Magento Open Source  2.4.0 and earlier versions          All


Solution

Adobe categorizes these updates with the following priority ratings and
recommends users update their installation to the newest version.


Product              Updated Version  Platform  Priority Rating  Release Notes
Magento Commerce     2.4.1            All       2                2.4.1 Commerce
Magento Open Source  2.4.1            All       2                2.4.1 Open Source
Magento Commerce     2.3.6            All       2                2.3.6 Commerce
Magento Open Source  2.3.6            All       2                2.3.6 Open Source


Vulnerability details

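Vulnerability Category     : File Upload Allow List Bypass
Vulnerability Impact       : Arbitrary code execution
Severity                   : Critical
Pre-authentication?        : No
Admin privileges required? : Yes
Magento Bug ID             : PRODSECBUG-2799
CVE numbers                : CVE-2020-24407

Vulnerability Category     : SQL Injection
Vulnerability Impact       : Arbitrary read or write access to database
Severity                   : Critical
Pre-authentication?        : No
Admin privileges required? : Yes
Magento Bug ID             : PRODSECBUG-2779
CVE numbers                : CVE-2020-24400

Vulnerability Category     : Improper Authorization
Vulnerability Impact       : Unauthorized modification of customer list
Severity                   : Important
Pre-authentication?        : No
Admin privileges required? : Yes
Magento Bug ID             : PRODSECBUG-2789
CVE numbers                : CVE-2020-24402

Vulnerability Category     : Insufficient Invalidation of User Session
Vulnerability Impact       : Unauthorized access to restricted resources
Severity                   : Important
Pre-authentication?        : No
Admin privileges required? : Yes
Magento Bug ID             : PRODSECBUG-2785
CVE numbers                : CVE-2020-24401

Vulnerability Category     : Improper Authorization
Vulnerability Impact       : Unauthorized modification of Magento CMS pages
Severity                   : Important
Pre-authentication?        : No
Admin privileges required? : Yes
Magento Bug ID             : PRODSECBUG-2796
CVE numbers                : CVE-2020-24404

Vulnerability Category     : Sensitive Information Disclosure
Vulnerability Impact       : Disclosure of document root path
Severity                   : Moderate
Pre-authentication?        : No
Admin privileges required? : Yes
Magento Bug ID             : PRODSECBUG-2798
CVE numbers                : CVE-2020-24406

Vulnerability Category     : Cross-site Scripting (Stored XSS)
Vulnerability Impact       : Arbitrary JavaScript execution in the browser
Severity                   : Important
Pre-authentication?        : Yes
Admin privileges required? : No
Magento Bug ID             : PRODSECBUG-2804
CVE numbers                : CVE-2020-24408

Vulnerability Category     : Improper Authorization
Vulnerability Impact       : Unauthorized access to restricted resources
Severity                   : Important
Pre-authentication?        : No
Admin privileges required? : Yes
Magento Bug ID             : PRODSECBUG-2797
CVE numbers                : CVE-2020-24405

Vulnerability Category     : Improper Authorization
Vulnerability Impact       : Unauthorized access to restricted resources
Severity                   : Important
Pre-authentication?        : No
Admin privileges required? : Yes
Magento Bug ID             : PRODSECBUG-2791
CVE numbers                : CVE-2020-24403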


Note:

Pre-authentication:  The vulnerability is exploitable without
credentials.

Admin privileges required:  The vulnerability is only exploitable by an
attacker with administrative privileges.

Additional technical descriptions of the CVEs referenced in this
document will be made available on MITRE and NVD sites.


Updates to dependencies

Dependency          Vulnerability Impact            Affected Versions
jQuery File Upload  Arbitrary code execution        2.4.0 and earlier versions
TinyMCE             Arbitrary JavaScript execution  2.4.0 and earlier versions


Acknowledgments

Adobe would like to thank the following individuals for reporting the
relevant issues and for working with Adobe to help protect our
customers:   

    Edgar Boda-Majer of Bugscale (CVE-2020-24408)
    Kien Hoang (CVE-2020-24402, CVE-2020-24401, CVE-2020-24404,
      CVE-2020-24405)
    Ihorsv (CVE-2020-24406)
    Malerisch (CVE-2020-24407)
    Dang Toan (CVE-2020-24403)
    Yonatan Offek (CVE-2020-24400)




=========================================================
+ CERT-RENATER       |    tel : 01-53-94-20-44          +
+ 23/25 Rue Daviel   |    fax : 01-53-94-20-41          +
+ 75013 Paris        |    email:cert@support.renater.fr +
=========================================================


