APPSEC-2003: RCE via Varnish settings in admin

Description: Admin user can read any file on server and can execute any commands through Varnish. Vulnerability is in the Magento 2.2 admin configuration settings for Varnish, where admin user can whitelist list of IPs (ACL) and download the customized Varnish configuration file to use it as full page cache.

Type: General: Remote Code Execution

CVSSv3 Severity: 9.8

Product(s) Affected: Magento 2.1 prior to 2.1.15, Magento 2.2 prior to 2.2.6

Fixed In: Magento 2.1.15, Magento 2.2.6

Posted in Magento 2, Magento Commerce, Magento Open Source, RCE Tagged with: ,