CVE-2017-13761

MEDIUM

Fastly CDN Module for Magento2 < 1.2.26 - Authenticated Sensitive Information Exposure via Cached Redirect Responses

Title source: llm

Description

The Fastly CDN module before 1.2.26 for Magento2, when used with a third-party authentication plugin, might allow remote authenticated users to obtain sensitive information from authenticated sessions via vectors involving caching of redirect responses.

Scores

CVSS v3 6.5
EPSS 0.0122
EPSS Percentile 65.1%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-200
Status published
Products (2)
fastly/fastly < 1.2.25
fastly/magento2 0 - 1.2.26 (Packagist)
Published Sep 14, 2017
Tracked Since Feb 18, 2026