Description

Magento Cacheleak is an implementation vulnerability, result of bad implementation of web-server configuration for Magento platform. Magento was developed to work under the Apache web-server which natively works with .htaccess files, so all needed configuration directives specific for various internal Magento folders were placed in .htaccess files.

When Magento is installed on web servers that are ignoring .htaccess files (such as nginx), an attacker can get access to internal Magento folders (such as the Magento cache directory) and extract sensitive information from cache files.

Remediation

Restrict access to internal Magento directories such as /var/, /app/, /includes/, ...
Consult web references for more information.

Add the following lines to your nginx server configuration: 

    location ^~ /app/ { deny all; }
    location ^~ /includes/ { deny all; }
    location ^~ /lib/ { deny all; }
    location ^~ /media/downloadable/ { deny all; }
    location ^~ /pkginfo/ { deny all; }
    location ^~ /report/config.xml { deny all; }
    location ^~ /var/ { deny all; }

References

Securing Magento Cacheleak, Backupleak and Sessionleak

How to secure Magento Cacheleak

Related Vulnerabilities

WordPress Plugin ZoomSounds-WordPress Wave Audio Player with Playlist Directory Traversal (6.45)

Sqlite NULL Pointer Dereference Vulnerability (CVE-2020-13632)

WordPress Plugin Wonder PDF Embed Cross-Site Scripting (1.6)

WordPress Plugin Circles Gallery Cross-Site Scripting (1.0.10)

OpenSSL Resource Management Errors Vulnerability (CVE-2014-0221)

Severity

High

Classification

CWE-200 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Configuration Information Disclosure Missing Update