The Fastly CDN module before 1.2.26 for Magento2, when used with a third-party authentication plugin, might allow remote authenticated users to obtain sensitive information from authenticated sessions via vectors involving caching of redirect responses.
Conclusion & alert: CVE-2017-13761 is rated Moderate Risk (49.6/100): CVSS Medium severity, with medium exploitation likelihood (EPSS 1.22%).Mandatory action: Review affected assets and schedule remediation.
Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.
Exploit prediction scoring system (EPSS) score for CVE-2017-13761
EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).