CVE-2017-13761
MEDIUM
Fastly CDN Module for Magento2 < 1.2.26 - Authenticated Sensitive Information Exposure via Cached Redirect Responses
Title source: llm
Description
The Fastly CDN module before 1.2.26 for Magento2, when used with a third-party authentication plugin, might allow remote authenticated users to obtain sensitive information from authenticated sessions via vectors involving caching of redirect responses.
References (1)
Core References
Vendor Advisory x_refsource_confirm
https://www.fastly.com/security-advisories/vulnerability-fastly-open-source-cdn-module-intended-be-integrated-magento2
Scores
CVSS v3
6.5
EPSS
0.0122
EPSS Percentile
65.1%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-200
Status
published
Products (2)
fastly/fastly
< 1.2.25
fastly/magento2
0 - 1.2.26 (Packagist)
Published
Sep 14, 2017
Tracked Since
Feb 18, 2026