Vulnerability Description
In Spree before versions 3.7.11, 4.0.4, or 4.1.11, expired user tokens could be used to access Storefront API v2 endpoints. The issue is patched in versions 3.7.11, 4.0.4 and 4.1.11. A workaround without upgrading is described in the linked advisory.
CVSS Score
7.4 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sparksolutions | Spree | < 3.7.11 |
References
- https://github.com/spree/spree/commit/e43643abfe51f54bd9208dd02298b366e9b9a847 (Patch, Third Party Advisory)
- https://github.com/spree/spree/security/advisories/GHSA-f8cm-364f-q9qh (Third Party Advisory)
FAQ
What is CVE-2020-15269?
CVE-2020-15269 is a vulnerability with a CVSS score of 7.4 (HIGH). In Spree before versions 3.7.11, 4.0.4, or 4.1.11, expired user tokens could be used to access Storefront API v2 endpoints. The issue is patched in versions 3.7.11, 4.0.4 and 4.1.11. A workaround without upgrading is described in the linked advisory.
How severe is CVE-2020-15269?
CVE-2020-15269 has been rated HIGH with a CVSS base score of 7.4/10. See the CVSS score above for the severity rating.
Is there a patch for CVE-2020-15269?
Yes. The issue is fixed in Spree 3.7.11, 4.0.4 and 4.1.11; see the references section above for the patch commit and the vendor advisory, which also describes a workaround for installations that cannot upgrade. Affected products include: Sparksolutions Spree.