What is the severity of CVE-2024-20718?

CVE-2024-20718 is classified as a moderate severity Cross-Site Request Forgery (CSRF) vulnerability.

How do I fix CVE-2024-20718?

To fix CVE-2024-20718, upgrade Adobe Commerce to the latest version that addresses this vulnerability.

Which versions of Adobe Commerce are affected by CVE-2024-20718?

Affected versions include Adobe Commerce 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier.

What type of vulnerability is CVE-2024-20718?

CVE-2024-20718 is a Cross-Site Request Forgery (CSRF) vulnerability.

What can an attacker do with CVE-2024-20718?

An attacker could exploit CVE-2024-20718 to trick a victim into performing unintended actions within the Adobe Commerce application.

Vulnerability/
CVE-2024-20718

medium

6.5

CWE

352

15/2/2024

4/3/2025

CVE-2024-20718: [Spain] CSRF to delete Requisition Lists at Adobe Commerce

First published: Thu Feb 15 2024(Updated: )

Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to trick a victim into performing actions they did not intend to do, which could be used to bypass security measures and gain unauthorized access. Exploitation of this issue requires user interaction, typically in the form of the victim clicking a link or visiting a malicious website.

Credit: psirt@adobe.com

Affected Software	Affected Version	How to fix
Adobe Magento Commerce	=2.4.4
Adobe Magento Commerce	=2.4.4-p1
Adobe Magento Commerce	=2.4.4-p2
Adobe Magento Commerce	=2.4.4-p3
Adobe Magento Commerce	=2.4.4-p4
Adobe Magento Commerce	=2.4.4-p5
Adobe Magento Commerce	=2.4.4-p6
Adobe Magento Commerce	=2.4.5
Adobe Magento Commerce	=2.4.5-p1
Adobe Magento Commerce	=2.4.5-p2
Adobe Magento Commerce	=2.4.5-p3
Adobe Magento Commerce	=2.4.5-p4
Adobe Magento Commerce	=2.4.5-p5
Adobe Magento Commerce	=2.4.6
Adobe Magento Commerce	=2.4.6-p1
Adobe Magento Commerce	=2.4.6-p2
Adobe Magento Commerce	=2.4.6-p3
composer/magento/project-community-edition	<=2.0.2
composer/magento/community-edition	>=2.4.4-p1<2.4.4-p7	2.4.4-p7
composer/magento/community-edition	>=2.4.5-p1<2.4.5-p6	2.4.5-p6
composer/magento/community-edition	>=2.4.6-p1<2.4.6-p4	2.4.6-p4
composer/magento/community-edition	=2.4.4
composer/magento/community-edition	=2.4.5
composer/magento/community-edition	=2.4.6
	=2.4.4
	=2.4.4-p1
	=2.4.4-p2
	=2.4.4-p3
	=2.4.4-p4
	=2.4.4-p5
	=2.4.4-p6
	=2.4.5
	=2.4.5-p1
	=2.4.5-p2
	=2.4.5-p3
	=2.4.5-p4
	=2.4.5-p5
	=2.4.6
	=2.4.6-p1
	=2.4.6-p2
	=2.4.6-p3

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2024-20718?
CVE-2024-20718 is classified as a moderate severity Cross-Site Request Forgery (CSRF) vulnerability.
How do I fix CVE-2024-20718?
To fix CVE-2024-20718, upgrade Adobe Commerce to the latest version that addresses this vulnerability.
Which versions of Adobe Commerce are affected by CVE-2024-20718?
Affected versions include Adobe Commerce 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier.
What type of vulnerability is CVE-2024-20718?
CVE-2024-20718 is a Cross-Site Request Forgery (CSRF) vulnerability.
What can an attacker do with CVE-2024-20718?
An attacker could exploit CVE-2024-20718 to trick a victim into performing unintended actions within the Adobe Commerce application.

agent/weakness
agent/title
agent/type
agent/description
agent/first-publish-date
agent/author
agent/severity
collector/mitre-cve
source/MITRE
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/software-canonical-lookup-request
collector/github-advisory-latest
source/GitHub
alias/GHSA-hqgj-4396-hmxv
alias/CVE-2024-20718
agent/last-modified-date
agent/references
agent/source
agent/softwarecombine
agent/tags
agent/event
collector/nvd-cve
collector/github-advisory
vendor/adobe
canonical/adobe magento commerce
version/adobe magento commerce/2.4.4
version/adobe magento commerce/2.4.4-p1
version/adobe magento commerce/2.4.4-p2
version/adobe magento commerce/2.4.4-p3
version/adobe magento commerce/2.4.4-p4
version/adobe magento commerce/2.4.4-p5
version/adobe magento commerce/2.4.4-p6
version/adobe magento commerce/2.4.5
version/adobe magento commerce/2.4.5-p1
version/adobe magento commerce/2.4.5-p2
version/adobe magento commerce/2.4.5-p3
version/adobe magento commerce/2.4.5-p4
version/adobe magento commerce/2.4.5-p5
version/adobe magento commerce/2.4.6
version/adobe magento commerce/2.4.6-p1
version/adobe magento commerce/2.4.6-p2
version/adobe magento commerce/2.4.6-p3
package-manager/composer