Vulnerability Description
In PrestaShop from version 1.7.4.0 and before version 1.7.6.6, some files should not be in the release archive, and others should not be accessible. The problem is fixed in version 1.7.6.6 A possible workaround is to make sure `composer.json` and `docker-compose.yml` are not accessible on your server.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Prestashop | Prestashop | < 1.7.6.6 |
Related Weaknesses (CWE)
References
- https://github.com/PrestaShop/PrestaShop/commit/35ef7e9d892287c302df1fc5aa05ecfcPatchThird Party Advisory
- https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-492w-2pp5-xhvgThird Party Advisory
- https://github.com/PrestaShop/PrestaShop/commit/35ef7e9d892287c302df1fc5aa05ecfcPatchThird Party Advisory
- https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-492w-2pp5-xhvgThird Party Advisory
FAQ
What is CVE-2020-15080?
CVE-2020-15080 is a vulnerability with a CVSS score of 5.3 (MEDIUM). In PrestaShop from version 1.7.4.0 and before version 1.7.6.6, some files should not be in the release archive, and others should not be accessible. The problem is fixed in version 1.7.6.6 A possible ...
How severe is CVE-2020-15080?
CVE-2020-15080 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-15080?
Check the references section above for vendor advisories and patch information. Affected products include: Prestashop Prestashop.