How severe is CVE-2020-15085?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.1 out of 10.

What type of vulnerability is CVE-2020-15085?

This is classified as CWE-312, which is a common weakness in software security.

CVE-2020-15085 - MEDIUM Severity | CVSS 6.1

Vulnerability Description

In Saleor Storefront before version 2.10.3, request data used to authenticate customers was inadvertently cached in the browser's local storage mechanism, including credentials. A malicious user with direct access to the browser could extract the email and password. In versions prior to 2.10.0 persisted the cache even after the user logged out. This is fixed in version 2.10.3. A workaround is to manually clear application data (browser's local storage) after logging into Saleor Storefront.

Related Vulnerabilities

CVE-2021-22929

MEDIUM

CVSS:6.1(Medium)

An information disclosure exists in Brave Browser Desktop prior to version 1.28.62, where logged warning messages that included timestamps of connections to V2 onion domains in tor.log.

CWE-3122021

CVE-2021-38150

MEDIUM

CVSS:6.1(Medium)

When an attacker manages to get access to the local memory, or the memory dump of a victim, for example by a social engineering attack, SAP Business Client versions - 7.0, 7.70, will allow him to read...

CWE-3122021

CVE-2023-41096

MEDIUM

CVSS:6.1(Medium)

Missing Encryption of Security Keys vulnerability in Silicon Labs Ember ZNet SDK on 32 bit, ARM (SecureVault High modules) allows potential modification or extraction of network credentials stored in ...

CWE-3122023

CVE-2020-4095

MEDIUM

CVSS:6.0(Medium)

"BigFix Platform is storing clear text credentials within the system's memory. An attacker who is able to gain administrative privileges can use a program to create a memory dump and extract the crede...

CWE-3122020

CVE-2019-4566

MEDIUM

CVSS:6.2(Medium)

IBM Security Key Lifecycle Manager 3.0 and 3.0.1 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 166627.

CWE-3122019

CVE-2020-4884

MEDIUM

CVSS:6.2(Medium)

IBM UrbanCode Deploy (UCD) 6.2.7.9, 7.0.5.4, and 7.1.1.1 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 190908.

CWE-3122020