CVE-2020-15085

Published: Jun 30, 2020Modified: Jun 17, 2026

6.1

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

Exploitability: 1.8 / Impact: 4.2

Source: NVD

Description

In Saleor Storefront before version 2.10.3, request data used to authenticate customers was inadvertently cached in the browser's local storage mechanism, including credentials. A malicious user with direct access to the browser could extract the email and password. In versions prior to 2.10.0 persisted the cache even after the user logged out. This is fixed in version 2.10.3. A workaround is to manually clear application data (browser's local storage) after logging into Saleor Storefront.

Affected (1)

Products: Mirumee: Saleor

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Mirumee Saleor	Before 2.10.3

Related CWEs

Cleartext Storage of Sensitive Information

The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.

References (6)

https://github.com/mirumee/saleor-storefront/blob/master/CHANGELOG.md#2103

Source: security-advisories@github.com

Release NotesThird Party Advisory

https://github.com/mirumee/saleor-storefront/commit/7c331e1be805022c9a7be719bd69d050b2577458

Source: security-advisories@github.com

PatchThird Party Advisory

https://github.com/mirumee/saleor-storefront/security/advisories/GHSA-4279-h39w-2jqm

Source: security-advisories@github.com

Third Party Advisory

https://github.com/mirumee/saleor-storefront/blob/master/CHANGELOG.md#2103

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesThird Party Advisory

https://github.com/mirumee/saleor-storefront/commit/7c331e1be805022c9a7be719bd69d050b2577458

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://github.com/mirumee/saleor-storefront/security/advisories/GHSA-4279-h39w-2jqm

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.