mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-08-04 08:44:25 +00:00
f287b6d527
Added CVE-2020-27648, CVE-2020-27650, CVE-2020-27652, and CVE-2020-27656. Signed-off-by: Ken Lee <kenlee@synology.com>
72 lines
2.3 KiB
JSON
72 lines
2.3 KiB
JSON
{
|
|
"data_type": "CVE",
|
|
"data_format": "MITRE",
|
|
"data_version": "4.0",
|
|
"CVE_data_meta": {
|
|
"ID": "CVE-2020-27650",
|
|
"ASSIGNER": "security@synology.com",
|
|
"DATE_PUBLIC": "2020-10-29T00:00:00",
|
|
"STATE": "PUBLIC"
|
|
},
|
|
"affects": {
|
|
"vendor": {
|
|
"vendor_data": [
|
|
{
|
|
"product": {
|
|
"product_data": [
|
|
{
|
|
"product_name": "DiskStation Manager (DSM)",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"affected": "<",
|
|
"version_value": "6.2.3-25426-2"
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
},
|
|
"vendor_name": "Synology"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"description": {
|
|
"description_data": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "Synology DiskStation Manager (DSM) before 6.2.3-25426-2 does not set the Secure flag for the session cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session."
|
|
}
|
|
]
|
|
},
|
|
"impact": {
|
|
"cvss": {
|
|
"baseScore": "5.8",
|
|
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L",
|
|
"version": "3.1"
|
|
}
|
|
},
|
|
"problemtype": {
|
|
"problemtype_data": [
|
|
{
|
|
"description": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "CWE-614: Sensitive Cookie in HTTPS Session Without 'Secure' Attribute"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"references": {
|
|
"reference_data": [
|
|
{
|
|
"name": "https://www.synology.com/security/advisory/Synology_SA_20_18",
|
|
"refsource": "CONFIRM",
|
|
"url": "https://www.synology.com/security/advisory/Synology_SA_20_18"
|
|
}
|
|
]
|
|
}
|
|
}
|