This vulnerability allows to circumvent the formkey protection in the Admin Interface and increases the attack surface for Cross Site Request Forgery attacks
The latest OpenMage Versions up from 19.4.6 and 20.0.2 have this Issue solved
Related to Adobes CVE-2020-9690 ( https://helpx.adobe.com/security/products/magento/apsb20-47.html ) fixed in Magento2 magento/magento2@52d72b8 as part of 2.4.0/2.3.5-p2
Impact
This vulnerability allows to circumvent the formkey protection in the Admin Interface and increases the attack surface for Cross Site Request Forgery attacks
Patches
The latest OpenMage Versions up from 19.4.6 and 20.0.2 have this Issue solved
References
Related to Adobes CVE-2020-9690 ( https://helpx.adobe.com/security/products/magento/apsb20-47.html )
fixed in Magento2 magento/magento2@52d72b8
as part of 2.4.0/2.3.5-p2