admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-31 10:41:19 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2020/CVE-2020-114xx/CVE-2020-11466.json
René Helmke 7791f18b51 bootstrap
2023-05-16 16:09:41 +02:00

144 lines
4.6 KiB
JSON
Raw Blame History

{
"id": "CVE-2020-11466",
"sourceIdentifier": "cve@mitre.org",
"published": "2020-04-01T21:15:14.193",
"lastModified": "2021-07-21T11:39:23.747",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Deskpro before 2019.8.0. The /api/tickets endpoint failed to properly validate a user's privilege, allowing an attacker to retrieve arbitrary information about all helpdesk tickets stored in database with numerous filters. This leaked sensitive information to unauthorized parties. Additionally, it leaked ticket authentication code, making it possible to make changes to a ticket."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en Deskpro versiones anteriores a 2019.8.0. El endpoint /api/tickets present\u00f3 un fallo al comprobar apropiadamente los privilegios de un usuario, permitiendo a un atacante recuperar informaci\u00f3n arbitraria sobre todos los tickets del servicio de asistencia (helpdesk) almacenados en la base de datos con numerosos filtros. Esto filtr\u00f3 informaci\u00f3n confidencial a partes no autorizadas. Adicionalmente, se filtr\u00f3 el c\u00f3digo de autenticaci\u00f3n del ticket, haciendo posible realizar cambios en un ticket."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
],
"cvssMetricV30": [
{
"source": "cve@mitre.org",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 4.7
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.0
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-269"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:deskpro:deskpro:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2019.8.0",
"matchCriteriaId": "FC810F59-EA83-4340-8C19-5F995C4284E5"
}
]
}
]
}
],
"references": [
{
"url": "https://blog.redforce.io/attacking-helpdesks-part-1-rce-chain-on-deskpro/",
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://support.deskpro.com/en/news/posts/deskpro-security-update-2019-09",
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.deskpro.com/en/news/posts/deskpro-v2019-8-0-released-security-update",
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink