Description: An admin user can read any file on the server and can execute any commands through Varnish. The vulnerability is in the Magento 2.2 admin configuration settings for Varnish, where an admin user can whitelist a list of IPs (ACL) and download the customized Varnish configuration file to use as the full page cache.
Type: General: Remote Code Execution
CVSSv3 Severity: 9.8
Product(s) Affected: Magento 2.1 prior to 2.1.15, Magento 2.2 prior to 2.2.6
Fixed In: Magento 2.1.15, Magento 2.2.6
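
Added example, not Magento's code or its actual fix: one way to keep an admin-supplied ACL from carrying anything but addresses into a generated Varnish configuration. It assumes the access list arrives as a comma-separated string and is written into a VCL `acl` block; the function names and the ACL name `purge` are hypothetical, and restricting entries to IP literals (no hostnames) is a design choice of this sketch.

```php
<?php
declare(strict_types=1);

/**
 * Return one ACL entry in VCL form ("ip" or "ip"/prefix), or null when the
 * entry is not a plain IPv4/IPv6 literal with an optional CIDR prefix.
 */
function normalizeAclEntry(string $entry): ?string
{
    $parts = explode('/', trim($entry));
    if (count($parts) > 2) {
        return null;
    }
    $ip = $parts[0];
    // Only real IP literals pass: quotes, braces, semicolons, newlines,
    // hostnames and file paths are all rejected here.
    if (filter_var($ip, FILTER_VALIDATE_IP) === false) {
        return null;
    }
    if (count($parts) === 1) {
        return '"' . $ip . '"';
    }
    $isV6 = filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6) !== false;
    $max = $isV6 ? 128 : 32;
    // The D modifier stops "$" from matching before a trailing newline.
    if (preg_match('/^\d{1,3}$/D', $parts[1]) !== 1 || (int) $parts[1] > $max) {
        return null;
    }
    return '"' . $ip . '"/' . (int) $parts[1];
}

/** Build the acl block, failing closed on the first invalid entry. */
function renderPurgeAcl(string $accessList): string
{
    $lines = [];
    foreach (explode(',', $accessList) as $raw) {
        $entry = normalizeAclEntry($raw);
        if ($entry === null) {
            throw new InvalidArgumentException('ACL entry rejected: not an IP or CIDR');
        }
        $lines[] = '    ' . $entry . ';';
    }
    return "acl purge {\n" . implode("\n", $lines) . "\n}\n";
}

// Constructed sample input.
echo renderPurgeAcl('127.0.0.1, 10.0.0.0/8, ::1');
```

Validating when the setting is saved and again when the file is generated means a value stored before the check was introduced cannot reach the downloaded configuration.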