Tag: varnish rce

APPSEC-2003: RCE via Varnish settings in admin

Description: An admin user can read any file on the server and can execute any command through Varnish. The vulnerability is in the Magento 2.2 admin configuration settings for Varnish, where an admin user can whitelist a list of IPs (ACL) and download the customized

Posted in Magento 2, Magento Commerce, Magento Open Source, RCE