{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-18T17:42:39.782","vulnerabilities":[{"cve":{"id":"CVE-2020-15085","sourceIdentifier":"security-advisories@github.com","published":"2020-06-30T17:15:10.797","lastModified":"2024-11-21T05:04:46.887","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In Saleor Storefront before version 2.10.3, request data used to authenticate customers was inadvertently cached in the browser's local storage mechanism, including credentials. A malicious user with direct access to the browser could extract the email and password. In versions prior to 2.10.0 persisted the cache even after the user logged out. This is fixed in version 2.10.3. A workaround is to manually clear application data (browser's local storage) after logging into Saleor Storefront."},{"lang":"es","value":"En Saleor Storefront versiones anteriores a 2.10.3, los datos de petición usados para autenticar a los clientes se almacenaron en memoria caché inadvertidamente en el mecanismo de almacenamiento local del navegador, incluyendo las credenciales. Un usuario malicioso con acceso directo al navegador podría extraer el correo electrónico y la contraseña. En versiones anteriores a 2.10.0, la memoria caché persistía incluso después de que el usuario cerraba la sesión. Esto es corregido en la versión 2.10.3. Una solución alternativa es borrar manualmente los datos de la aplicación (almacenamiento local del navegador) después de iniciar sesión en Saleor Storefront"}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":4.7},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":4.2}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:N/A:N","baseScore":2.1,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":3.9,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-312"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mirumee:saleor:*:*:*:*:*:*:*:*","versionEndExcluding":"2.10.3","matchCriteriaId":"7D75FAC4-CD4C-4C99-A9AB-A51A2BD52992"}]}]}],"references":[{"url":"https://github.com/mirumee/saleor-storefront/blob/master/CHANGELOG.md#2103","source":"security-advisories@github.com","tags":["Release Notes","Third Party Advisory"]},{"url":"https://github.com/mirumee/saleor-storefront/commit/7c331e1be805022c9a7be719bd69d050b2577458","source":"security-advisories@github.com","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/mirumee/saleor-storefront/security/advisories/GHSA-4279-h39w-2jqm","source":"security-advisories@github.com","tags":["Third Party Advisory"]},{"url":"https://github.com/mirumee/saleor-storefront/blob/master/CHANGELOG.md#2103","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Third Party Advisory"]},{"url":"https://github.com/mirumee/saleor-storefront/commit/7c331e1be805022c9a7be719bd69d050b2577458","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/mirumee/saleor-storefront/security/advisories/GHSA-4279-h39w-2jqm","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}