admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 09:11:28 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2020/CVE-2020-139xx/CVE-2020-13932.json
cad-safe-bot b47d02a333 Auto-Update: 2023-11-07T21:02:52.274489+00:00
2023-11-07 21:03:21 +00:00

118 lines
3.9 KiB
JSON
Raw Blame History

{
"id": "CVE-2020-13932",
"sourceIdentifier": "security@apache.org",
"published": "2020-07-20T22:15:11.747",
"lastModified": "2023-11-07T03:17:00.440",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "In Apache ActiveMQ Artemis 2.5.0 to 2.13.0, a specially crafted MQTT packet which has an XSS payload as client-id or topic name can exploit this vulnerability. The XSS payload is being injected into the admin console's browser. The XSS payload is triggered in the diagram plugin; queue node and the info section."
},
{
"lang": "es",
"value": "En Apache ActiveMQ Artemis versiones 2.5.0 hasta 2.13.0, un paquete MQTT especialmente dise\u00f1ado que presenta una carga \u00fatil XSS como id del cliente o nombre de tema puede explotar esta vulnerabilidad. La carga \u00fatil de XSS est\u00e1 siendo inyectada en el navegador de la consola de administraci\u00f3n. La carga \u00fatil XSS es activada en el plugin diagram; nodo queue y la secci\u00f3n info"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"accessVector": "NETWORK",
"accessComplexity": "MEDIUM",
"authentication": "NONE",
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"availabilityImpact": "NONE",
"baseScore": 4.3
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": true
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:activemq_artemis:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.5.0",
"versionEndIncluding": "2.13.0",
"matchCriteriaId": "A9AFDE5C-5B76-4560-B5DD-FF60841EC26D"
}
]
}
]
}
],
"references": [
{
"url": "https://activemq.apache.org/security-advisories.data/CVE-2020-13932-announcement.txt",
"source": "security@apache.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://lists.apache.org/thread.html/r7fcedcc89e5f296b174d6b8c1438c607c30d809c04292e5732d6e4eb%40%3Cusers.activemq.apache.org%3E",
"source": "security@apache.org"
},
{
"url": "https://lists.apache.org/thread.html/rb2fd3bf2dce042e0ab3f3c94c4767c96bb2e7e6737624d63162df36d%40%3Ccommits.activemq.apache.org%3E",
"source": "security@apache.org"
},
{
"url": "https://lists.apache.org/thread.html/rc96ad63f148f784c84ea7f0a178c84a8985c6afccabbcd9847a82088%40%3Ccommits.activemq.apache.org%3E",
"source": "security@apache.org"
}
]
}
Reference in New Issue View Git Blame Copy Permalink