admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 17:21:36 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2020/CVE-2020-128xx/CVE-2020-12848.json
René Helmke 7791f18b51 bootstrap
2023-05-16 16:09:41 +02:00

119 lines
4.0 KiB
JSON
Raw Blame History

{
"id": "CVE-2020-12848",
"sourceIdentifier": "cve@mitre.org",
"published": "2020-06-05T13:15:10.617",
"lastModified": "2021-07-21T11:39:23.747",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In Pydio Cells 2.0.4, once an authenticated user shares a file selecting the create a public link option, a hidden shared user account is created in the backend with a random username. An anonymous user that obtains a valid public link can get the associated hidden account username and password and proceed to login to the web application. Once logged into the web application with the hidden user account, some actions that were not available with the public share link can now be performed."
},
{
"lang": "es",
"value": "En Pydio Cells versi\u00f3n 2.0.4, una vez que un usuario autenticado comparte un archivo seleccionando la opci\u00f3n create a public link, se crea una cuenta de usuario compartida oculta en el backend con un nombre de usuario aleatorio. Un usuario an\u00f3nimo que obtiene un enlace p\u00fablico valido puede obtener el nombre de usuario y la contrase\u00f1a ocultos asociados a la cuenta y proceder a iniciar sesi\u00f3n en la aplicaci\u00f3n web. Una vez que haya iniciado sesi\u00f3n en la aplicaci\u00f3n web con la cuenta de usuario oculta, ahora se pueden llevar a cabo algunas acciones que no estaban disponibles con el enlace p\u00fablico compartido"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"accessVector": "NETWORK",
"accessComplexity": "MEDIUM",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "NONE",
"baseScore": 5.8
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": true
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-287"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pydio:cells:2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6DD71F82-734C-4DDA-B136-C26C71116D01"
}
]
}
]
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/158002/Pydio-Cells-2.0.4-XSS-File-Write-Code-Execution.html",
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.coresecurity.com/advisories",
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.coresecurity.com/core-labs/advisories/pydio-cells-204-multiple-vulnerabilities",
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink