Search criteria
18 vulnerabilities found for broker by synk
FKIE_CVE-2020-7654
Vulnerability from fkie_nvd - Published: 2020-05-29 22:15 - Updated: 2024-11-21 05:37
Severity ?
Summary
All versions of snyk-broker before 4.73.1 are vulnerable to Information Exposure. It logs private keys if logging level is set to DEBUG.
References
| URL | Tags | ||
|---|---|---|---|
| report@snyk.io | https://snyk.io/vuln/SNYK-JS-SNYKBROKER-570613 | Patch, Vendor Advisory | |
| report@snyk.io | https://updates.snyk.io/snyk-broker-security-fixes-152338 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://snyk.io/vuln/SNYK-JS-SNYKBROKER-570613 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://updates.snyk.io/snyk-broker-security-fixes-152338 | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:synk:broker:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E7999735-6CF7-4A8B-96C6-C76D97A4297C",
"versionEndExcluding": "4.73.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "All versions of snyk-broker before 4.73.1 are vulnerable to Information Exposure. It logs private keys if logging level is set to DEBUG."
},
{
"lang": "es",
"value": "Todas las versiones de snyk-broker anteriores a 4.73.1, son vulnerables a una Exposici\u00f3n de Informaci\u00f3n. Registra las claves privadas si el nivel de registro se establece en DEBUG."
}
],
"id": "CVE-2020-7654",
"lastModified": "2024-11-21T05:37:33.007",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-05-29T22:15:10.757",
"references": [
{
"source": "report@snyk.io",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://snyk.io/vuln/SNYK-JS-SNYKBROKER-570613"
},
{
"source": "report@snyk.io",
"tags": [
"Vendor Advisory"
],
"url": "https://updates.snyk.io/snyk-broker-security-fixes-152338"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://snyk.io/vuln/SNYK-JS-SNYKBROKER-570613"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://updates.snyk.io/snyk-broker-security-fixes-152338"
}
],
"sourceIdentifier": "report@snyk.io",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-532"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2020-7650
Vulnerability from fkie_nvd - Published: 2020-05-29 22:15 - Updated: 2024-11-21 05:37
Severity ?
Summary
All versions of snyk-broker after 4.72.0 including and before 4.73.1 are vulnerable to Arbitrary File Read. It allows arbitrary file reads to users with access to Snyk's internal network of any files ending in the following extensions: yaml, yml or json.
References
| URL | Tags | ||
|---|---|---|---|
| report@snyk.io | https://snyk.io/vuln/SNYK-JS-SNYKBROKER-570609 | Patch, Vendor Advisory | |
| report@snyk.io | https://updates.snyk.io/snyk-broker-security-fixes-152338 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://snyk.io/vuln/SNYK-JS-SNYKBROKER-570609 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://updates.snyk.io/snyk-broker-security-fixes-152338 | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:synk:broker:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0DDA2139-3BF4-48CA-9336-1934DB1373D2",
"versionEndExcluding": "4.73.1",
"versionStartIncluding": "4.72.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "All versions of snyk-broker after 4.72.0 including and before 4.73.1 are vulnerable to Arbitrary File Read. It allows arbitrary file reads to users with access to Snyk\u0027s internal network of any files ending in the following extensions: yaml, yml or json."
},
{
"lang": "es",
"value": "Todas las versiones de snyk-broker posteriores a 4.72.0 e incluy\u00e9ndola y anteriores a 4.73.1, son vulnerables a una Lectura de Archivos Arbitraria. Permite lecturas de archivos arbitrarias a usuarios con acceso en la red interna de Snyk de cualquiera de los archivos que termine en las siguientes extensiones: yaml, yml o json."
}
],
"id": "CVE-2020-7650",
"lastModified": "2024-11-21T05:37:32.570",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-05-29T22:15:10.693",
"references": [
{
"source": "report@snyk.io",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://snyk.io/vuln/SNYK-JS-SNYKBROKER-570609"
},
{
"source": "report@snyk.io",
"tags": [
"Vendor Advisory"
],
"url": "https://updates.snyk.io/snyk-broker-security-fixes-152338"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://snyk.io/vuln/SNYK-JS-SNYKBROKER-570609"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://updates.snyk.io/snyk-broker-security-fixes-152338"
}
],
"sourceIdentifier": "report@snyk.io",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2020-7648
Vulnerability from fkie_nvd - Published: 2020-05-29 22:15 - Updated: 2024-11-21 05:37
Severity ?
Summary
All versions of snyk-broker before 4.72.2 are vulnerable to Arbitrary File Read. It allows arbitrary file reads for users who have access to Snyk's internal network by appending the URL with a fragment identifier and a whitelisted path e.g. `#package.json`
References
| URL | Tags | ||
|---|---|---|---|
| report@snyk.io | https://snyk.io/vuln/SNYK-JS-SNYKBROKER-570607 | Patch, Vendor Advisory | |
| report@snyk.io | https://updates.snyk.io/snyk-broker-security-fixes-152338 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://snyk.io/vuln/SNYK-JS-SNYKBROKER-570607 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://updates.snyk.io/snyk-broker-security-fixes-152338 | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:synk:broker:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EC2ED432-0E9E-4AF6-9DFB-30AC1E3BB915",
"versionEndExcluding": "4.72.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "All versions of snyk-broker before 4.72.2 are vulnerable to Arbitrary File Read. It allows arbitrary file reads for users who have access to Snyk\u0027s internal network by appending the URL with a fragment identifier and a whitelisted path e.g. `#package.json`"
},
{
"lang": "es",
"value": "Todas las versiones de snyk-broker anteriores a 4.72.2, son vulnerables a una Lectura de Archivos Arbitraria. Permite lecturas de archivos arbitrarias para los usuarios que tienen acceso en la red interna de Snyk al a\u00f1adir la URL con un identificador de fragmento y una ruta en la lista blanca, por ejemplo \"#package.json\"."
}
],
"id": "CVE-2020-7648",
"lastModified": "2024-11-21T05:37:32.340",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-05-29T22:15:10.613",
"references": [
{
"source": "report@snyk.io",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://snyk.io/vuln/SNYK-JS-SNYKBROKER-570607"
},
{
"source": "report@snyk.io",
"tags": [
"Vendor Advisory"
],
"url": "https://updates.snyk.io/snyk-broker-security-fixes-152338"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://snyk.io/vuln/SNYK-JS-SNYKBROKER-570607"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://updates.snyk.io/snyk-broker-security-fixes-152338"
}
],
"sourceIdentifier": "report@snyk.io",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2020-7651
Vulnerability from fkie_nvd - Published: 2020-05-29 21:15 - Updated: 2024-11-21 05:37
Severity ?
Summary
All versions of snyk-broker before 4.79.0 are vulnerable to Arbitrary File Read. It allows partial file reads for users who have access to Snyk's internal network via patch history from GitHub Commits API.
References
| URL | Tags | ||
|---|---|---|---|
| report@snyk.io | https://snyk.io/vuln/SNYK-JS-SNYKBROKER-570610 | Patch, Vendor Advisory | |
| report@snyk.io | https://updates.snyk.io/snyk-broker-security-fixes-152338 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://snyk.io/vuln/SNYK-JS-SNYKBROKER-570610 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://updates.snyk.io/snyk-broker-security-fixes-152338 | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:synk:broker:*:*:*:*:*:*:*:*",
"matchCriteriaId": "47C52763-BD9C-4480-AD54-98BBFC73DB1E",
"versionEndExcluding": "4.79.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "All versions of snyk-broker before 4.79.0 are vulnerable to Arbitrary File Read. It allows partial file reads for users who have access to Snyk\u0027s internal network via patch history from GitHub Commits API."
},
{
"lang": "es",
"value": "Todas las versiones de snyk-broker anteriores a 4.79.0, son vulnerables a una Lectura de Archivo Arbitraria. Permite lecturas parciales de archivos para los usuarios que tienen acceso a la red interna de Snyk por medio del historial de parches de la API de GitHub Commits."
}
],
"id": "CVE-2020-7651",
"lastModified": "2024-11-21T05:37:32.677",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-05-29T21:15:10.083",
"references": [
{
"source": "report@snyk.io",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://snyk.io/vuln/SNYK-JS-SNYKBROKER-570610"
},
{
"source": "report@snyk.io",
"tags": [
"Vendor Advisory"
],
"url": "https://updates.snyk.io/snyk-broker-security-fixes-152338"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://snyk.io/vuln/SNYK-JS-SNYKBROKER-570610"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://updates.snyk.io/snyk-broker-security-fixes-152338"
}
],
"sourceIdentifier": "report@snyk.io",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2020-7652
Vulnerability from fkie_nvd - Published: 2020-05-29 21:15 - Updated: 2024-11-21 05:37
Severity ?
Summary
All versions of snyk-broker before 4.80.0 are vulnerable to Arbitrary File Read. It allows arbitrary file reads for users with access to Snyk's internal network via directory traversal.
References
| URL | Tags | ||
|---|---|---|---|
| report@snyk.io | https://snyk.io/vuln/SNYK-JS-SNYKBROKER-570611 | Patch, Vendor Advisory | |
| report@snyk.io | https://updates.snyk.io/snyk-broker-security-fixes-152338 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://snyk.io/vuln/SNYK-JS-SNYKBROKER-570611 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://updates.snyk.io/snyk-broker-security-fixes-152338 | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:synk:broker:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7135D796-E9C1-409E-B7A1-2F30B152143E",
"versionEndExcluding": "4.80.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "All versions of snyk-broker before 4.80.0 are vulnerable to Arbitrary File Read. It allows arbitrary file reads for users with access to Snyk\u0027s internal network via directory traversal."
},
{
"lang": "es",
"value": "Todas las versiones de snyk-broker anteriores a 4.80.0, son vulnerables a una Lectura de Archivo Arbitraria. Permite lecturas de archivos arbitrarias para usuarios con acceso a la red interna de Snyk por medio de un salto de directorio."
}
],
"id": "CVE-2020-7652",
"lastModified": "2024-11-21T05:37:32.783",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-05-29T21:15:10.163",
"references": [
{
"source": "report@snyk.io",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://snyk.io/vuln/SNYK-JS-SNYKBROKER-570611"
},
{
"source": "report@snyk.io",
"tags": [
"Vendor Advisory"
],
"url": "https://updates.snyk.io/snyk-broker-security-fixes-152338"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://snyk.io/vuln/SNYK-JS-SNYKBROKER-570611"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://updates.snyk.io/snyk-broker-security-fixes-152338"
}
],
"sourceIdentifier": "report@snyk.io",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2020-7653
Vulnerability from fkie_nvd - Published: 2020-05-29 21:15 - Updated: 2024-11-21 05:37
Severity ?
Summary
All versions of snyk-broker before 4.80.0 are vulnerable to Arbitrary File Read. It allows arbitrary file reads for users with access to Snyk's internal network by creating symlinks to match whitelisted paths.
References
| URL | Tags | ||
|---|---|---|---|
| report@snyk.io | https://snyk.io/vuln/SNYK-JS-SNYKBROKER-570612 | Patch, Vendor Advisory | |
| report@snyk.io | https://updates.snyk.io/snyk-broker-security-fixes-152338 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://snyk.io/vuln/SNYK-JS-SNYKBROKER-570612 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://updates.snyk.io/snyk-broker-security-fixes-152338 | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:synk:broker:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7135D796-E9C1-409E-B7A1-2F30B152143E",
"versionEndExcluding": "4.80.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "All versions of snyk-broker before 4.80.0 are vulnerable to Arbitrary File Read. It allows arbitrary file reads for users with access to Snyk\u0027s internal network by creating symlinks to match whitelisted paths."
},
{
"lang": "es",
"value": "Todas las versiones de snyk-broker anteriores a 4.80.0, son vulnerables a una Lectura de Archivos Arbitraria. Permite lecturas de archivos arbitrarias para usuarios con acceso a la red interna de Snyk, al crear enlaces simb\u00f3licos que coincidan con las rutas en la lista blanca."
}
],
"id": "CVE-2020-7653",
"lastModified": "2024-11-21T05:37:32.893",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-05-29T21:15:10.227",
"references": [
{
"source": "report@snyk.io",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://snyk.io/vuln/SNYK-JS-SNYKBROKER-570612"
},
{
"source": "report@snyk.io",
"tags": [
"Vendor Advisory"
],
"url": "https://updates.snyk.io/snyk-broker-security-fixes-152338"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://snyk.io/vuln/SNYK-JS-SNYKBROKER-570612"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://updates.snyk.io/snyk-broker-security-fixes-152338"
}
],
"sourceIdentifier": "report@snyk.io",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-59"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2020-7650 (GCVE-0-2020-7650)
Vulnerability from cvelistv5 – Published: 2020-05-29 21:11 – Updated: 2024-08-04 09:33
VLAI?
Summary
All versions of snyk-broker after 4.72.0 including and before 4.73.1 are vulnerable to Arbitrary File Read. It allows arbitrary file reads to users with access to Snyk's internal network of any files ending in the following extensions: yaml, yml or json.
Severity ?
No CVSS data available.
CWE
- Arbitrary File Read
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | snyk-broker |
Affected:
All versions after 4.72.0 including and before 4.73.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:33:19.992Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://updates.snyk.io/snyk-broker-security-fixes-152338"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://snyk.io/vuln/SNYK-JS-SNYKBROKER-570609"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "snyk-broker",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All versions after 4.72.0 including and before 4.73.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "All versions of snyk-broker after 4.72.0 including and before 4.73.1 are vulnerable to Arbitrary File Read. It allows arbitrary file reads to users with access to Snyk\u0027s internal network of any files ending in the following extensions: yaml, yml or json."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Arbitrary File Read",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-29T21:11:39",
"orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"shortName": "snyk"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://updates.snyk.io/snyk-broker-security-fixes-152338"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://snyk.io/vuln/SNYK-JS-SNYKBROKER-570609"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "report@snyk.io",
"ID": "CVE-2020-7650",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "snyk-broker",
"version": {
"version_data": [
{
"version_value": "All versions after 4.72.0 including and before 4.73.1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "All versions of snyk-broker after 4.72.0 including and before 4.73.1 are vulnerable to Arbitrary File Read. It allows arbitrary file reads to users with access to Snyk\u0027s internal network of any files ending in the following extensions: yaml, yml or json."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Arbitrary File Read"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://updates.snyk.io/snyk-broker-security-fixes-152338",
"refsource": "MISC",
"url": "https://updates.snyk.io/snyk-broker-security-fixes-152338"
},
{
"name": "https://snyk.io/vuln/SNYK-JS-SNYKBROKER-570609",
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-JS-SNYKBROKER-570609"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"assignerShortName": "snyk",
"cveId": "CVE-2020-7650",
"datePublished": "2020-05-29T21:11:39",
"dateReserved": "2020-01-21T00:00:00",
"dateUpdated": "2024-08-04T09:33:19.992Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-7654 (GCVE-0-2020-7654)
Vulnerability from cvelistv5 – Published: 2020-05-29 21:09 – Updated: 2024-08-04 09:33
VLAI?
Summary
All versions of snyk-broker before 4.73.1 are vulnerable to Information Exposure. It logs private keys if logging level is set to DEBUG.
Severity ?
No CVSS data available.
CWE
- Information Exposure
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | snyk-broker |
Affected:
All versions before 4.73.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:33:20.023Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://updates.snyk.io/snyk-broker-security-fixes-152338"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://snyk.io/vuln/SNYK-JS-SNYKBROKER-570613"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "snyk-broker",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All versions before 4.73.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "All versions of snyk-broker before 4.73.1 are vulnerable to Information Exposure. It logs private keys if logging level is set to DEBUG."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Exposure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-29T21:09:15",
"orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"shortName": "snyk"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://updates.snyk.io/snyk-broker-security-fixes-152338"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://snyk.io/vuln/SNYK-JS-SNYKBROKER-570613"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "report@snyk.io",
"ID": "CVE-2020-7654",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "snyk-broker",
"version": {
"version_data": [
{
"version_value": "All versions before 4.73.1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "All versions of snyk-broker before 4.73.1 are vulnerable to Information Exposure. It logs private keys if logging level is set to DEBUG."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Exposure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://updates.snyk.io/snyk-broker-security-fixes-152338",
"refsource": "MISC",
"url": "https://updates.snyk.io/snyk-broker-security-fixes-152338"
},
{
"name": "https://snyk.io/vuln/SNYK-JS-SNYKBROKER-570613",
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-JS-SNYKBROKER-570613"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"assignerShortName": "snyk",
"cveId": "CVE-2020-7654",
"datePublished": "2020-05-29T21:09:15",
"dateReserved": "2020-01-21T00:00:00",
"dateUpdated": "2024-08-04T09:33:20.023Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-7648 (GCVE-0-2020-7648)
Vulnerability from cvelistv5 – Published: 2020-05-29 21:06 – Updated: 2024-08-04 09:33
VLAI?
Summary
All versions of snyk-broker before 4.72.2 are vulnerable to Arbitrary File Read. It allows arbitrary file reads for users who have access to Snyk's internal network by appending the URL with a fragment identifier and a whitelisted path e.g. `#package.json`
Severity ?
No CVSS data available.
CWE
- Arbitrary File Read
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | snyk-broker |
Affected:
All versions before 4.72.2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:33:19.989Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://updates.snyk.io/snyk-broker-security-fixes-152338"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://snyk.io/vuln/SNYK-JS-SNYKBROKER-570607"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "snyk-broker",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All versions before 4.72.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "All versions of snyk-broker before 4.72.2 are vulnerable to Arbitrary File Read. It allows arbitrary file reads for users who have access to Snyk\u0027s internal network by appending the URL with a fragment identifier and a whitelisted path e.g. `#package.json`"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Arbitrary File Read",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-29T21:06:49",
"orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"shortName": "snyk"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://updates.snyk.io/snyk-broker-security-fixes-152338"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://snyk.io/vuln/SNYK-JS-SNYKBROKER-570607"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "report@snyk.io",
"ID": "CVE-2020-7648",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "snyk-broker",
"version": {
"version_data": [
{
"version_value": "All versions before 4.72.2"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "All versions of snyk-broker before 4.72.2 are vulnerable to Arbitrary File Read. It allows arbitrary file reads for users who have access to Snyk\u0027s internal network by appending the URL with a fragment identifier and a whitelisted path e.g. `#package.json`"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Arbitrary File Read"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://updates.snyk.io/snyk-broker-security-fixes-152338",
"refsource": "MISC",
"url": "https://updates.snyk.io/snyk-broker-security-fixes-152338"
},
{
"name": "https://snyk.io/vuln/SNYK-JS-SNYKBROKER-570607",
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-JS-SNYKBROKER-570607"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"assignerShortName": "snyk",
"cveId": "CVE-2020-7648",
"datePublished": "2020-05-29T21:06:49",
"dateReserved": "2020-01-21T00:00:00",
"dateUpdated": "2024-08-04T09:33:19.989Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-7651 (GCVE-0-2020-7651)
Vulnerability from cvelistv5 – Published: 2020-05-29 20:53 – Updated: 2024-08-04 09:33
VLAI?
Summary
All versions of snyk-broker before 4.79.0 are vulnerable to Arbitrary File Read. It allows partial file reads for users who have access to Snyk's internal network via patch history from GitHub Commits API.
Severity ?
No CVSS data available.
CWE
- Arbitrary File Read
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | snyk-broker |
Affected:
all versions before 4.79.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:33:19.959Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://updates.snyk.io/snyk-broker-security-fixes-152338"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://snyk.io/vuln/SNYK-JS-SNYKBROKER-570610"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "snyk-broker",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "all versions before 4.79.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "All versions of snyk-broker before 4.79.0 are vulnerable to Arbitrary File Read. It allows partial file reads for users who have access to Snyk\u0027s internal network via patch history from GitHub Commits API."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Arbitrary File Read",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-29T20:53:29",
"orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"shortName": "snyk"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://updates.snyk.io/snyk-broker-security-fixes-152338"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://snyk.io/vuln/SNYK-JS-SNYKBROKER-570610"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "report@snyk.io",
"ID": "CVE-2020-7651",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "snyk-broker",
"version": {
"version_data": [
{
"version_value": "all versions before 4.79.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "All versions of snyk-broker before 4.79.0 are vulnerable to Arbitrary File Read. It allows partial file reads for users who have access to Snyk\u0027s internal network via patch history from GitHub Commits API."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Arbitrary File Read"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://updates.snyk.io/snyk-broker-security-fixes-152338",
"refsource": "MISC",
"url": "https://updates.snyk.io/snyk-broker-security-fixes-152338"
},
{
"name": "https://snyk.io/vuln/SNYK-JS-SNYKBROKER-570610",
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-JS-SNYKBROKER-570610"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"assignerShortName": "snyk",
"cveId": "CVE-2020-7651",
"datePublished": "2020-05-29T20:53:29",
"dateReserved": "2020-01-21T00:00:00",
"dateUpdated": "2024-08-04T09:33:19.959Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-7652 (GCVE-0-2020-7652)
Vulnerability from cvelistv5 – Published: 2020-05-29 20:46 – Updated: 2024-08-04 09:33
VLAI?
Summary
All versions of snyk-broker before 4.80.0 are vulnerable to Arbitrary File Read. It allows arbitrary file reads for users with access to Snyk's internal network via directory traversal.
Severity ?
No CVSS data available.
CWE
- Arbitrary File Read
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | snyk-broker |
Affected:
All versions before 4.80.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:33:19.957Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://updates.snyk.io/snyk-broker-security-fixes-152338"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://snyk.io/vuln/SNYK-JS-SNYKBROKER-570611"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "snyk-broker",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All versions before 4.80.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "All versions of snyk-broker before 4.80.0 are vulnerable to Arbitrary File Read. It allows arbitrary file reads for users with access to Snyk\u0027s internal network via directory traversal."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Arbitrary File Read",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-29T20:59:42",
"orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"shortName": "snyk"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://updates.snyk.io/snyk-broker-security-fixes-152338"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://snyk.io/vuln/SNYK-JS-SNYKBROKER-570611"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "report@snyk.io",
"ID": "CVE-2020-7652",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "snyk-broker",
"version": {
"version_data": [
{
"version_value": "All versions before 4.80.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "All versions of snyk-broker before 4.80.0 are vulnerable to Arbitrary File Read. It allows arbitrary file reads for users with access to Snyk\u0027s internal network via directory traversal."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Arbitrary File Read"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://updates.snyk.io/snyk-broker-security-fixes-152338",
"refsource": "MISC",
"url": "https://updates.snyk.io/snyk-broker-security-fixes-152338"
},
{
"name": "https://snyk.io/vuln/SNYK-JS-SNYKBROKER-570611",
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-JS-SNYKBROKER-570611"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"assignerShortName": "snyk",
"cveId": "CVE-2020-7652",
"datePublished": "2020-05-29T20:46:35",
"dateReserved": "2020-01-21T00:00:00",
"dateUpdated": "2024-08-04T09:33:19.957Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-7653 (GCVE-0-2020-7653)
Vulnerability from cvelistv5 – Published: 2020-05-29 20:40 – Updated: 2024-08-04 09:33
VLAI?
Summary
All versions of snyk-broker before 4.80.0 are vulnerable to Arbitrary File Read. It allows arbitrary file reads for users with access to Snyk's internal network by creating symlinks to match whitelisted paths.
Severity ?
No CVSS data available.
CWE
- Arbitrary File Read
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | snyk-broker |
Affected:
All versions before 4.80.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:33:19.963Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://snyk.io/vuln/SNYK-JS-SNYKBROKER-570612"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://updates.snyk.io/snyk-broker-security-fixes-152338"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "snyk-broker",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All versions before 4.80.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "All versions of snyk-broker before 4.80.0 are vulnerable to Arbitrary File Read. It allows arbitrary file reads for users with access to Snyk\u0027s internal network by creating symlinks to match whitelisted paths."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Arbitrary File Read",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-29T20:40:22",
"orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"shortName": "snyk"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://snyk.io/vuln/SNYK-JS-SNYKBROKER-570612"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://updates.snyk.io/snyk-broker-security-fixes-152338"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "report@snyk.io",
"ID": "CVE-2020-7653",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "snyk-broker",
"version": {
"version_data": [
{
"version_value": "All versions before 4.80.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "All versions of snyk-broker before 4.80.0 are vulnerable to Arbitrary File Read. It allows arbitrary file reads for users with access to Snyk\u0027s internal network by creating symlinks to match whitelisted paths."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Arbitrary File Read"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://snyk.io/vuln/SNYK-JS-SNYKBROKER-570612",
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-JS-SNYKBROKER-570612"
},
{
"name": "https://updates.snyk.io/snyk-broker-security-fixes-152338",
"refsource": "MISC",
"url": "https://updates.snyk.io/snyk-broker-security-fixes-152338"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"assignerShortName": "snyk",
"cveId": "CVE-2020-7653",
"datePublished": "2020-05-29T20:40:22",
"dateReserved": "2020-01-21T00:00:00",
"dateUpdated": "2024-08-04T09:33:19.963Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-7650 (GCVE-0-2020-7650)
Vulnerability from nvd – Published: 2020-05-29 21:11 – Updated: 2024-08-04 09:33
VLAI?
Summary
All versions of snyk-broker after 4.72.0 including and before 4.73.1 are vulnerable to Arbitrary File Read. It allows arbitrary file reads to users with access to Snyk's internal network of any files ending in the following extensions: yaml, yml or json.
Severity ?
No CVSS data available.
CWE
- Arbitrary File Read
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | snyk-broker |
Affected:
All versions after 4.72.0 including and before 4.73.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:33:19.992Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://updates.snyk.io/snyk-broker-security-fixes-152338"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://snyk.io/vuln/SNYK-JS-SNYKBROKER-570609"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "snyk-broker",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All versions after 4.72.0 including and before 4.73.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "All versions of snyk-broker after 4.72.0 including and before 4.73.1 are vulnerable to Arbitrary File Read. It allows arbitrary file reads to users with access to Snyk\u0027s internal network of any files ending in the following extensions: yaml, yml or json."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Arbitrary File Read",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-29T21:11:39",
"orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"shortName": "snyk"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://updates.snyk.io/snyk-broker-security-fixes-152338"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://snyk.io/vuln/SNYK-JS-SNYKBROKER-570609"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "report@snyk.io",
"ID": "CVE-2020-7650",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "snyk-broker",
"version": {
"version_data": [
{
"version_value": "All versions after 4.72.0 including and before 4.73.1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "All versions of snyk-broker after 4.72.0 including and before 4.73.1 are vulnerable to Arbitrary File Read. It allows arbitrary file reads to users with access to Snyk\u0027s internal network of any files ending in the following extensions: yaml, yml or json."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Arbitrary File Read"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://updates.snyk.io/snyk-broker-security-fixes-152338",
"refsource": "MISC",
"url": "https://updates.snyk.io/snyk-broker-security-fixes-152338"
},
{
"name": "https://snyk.io/vuln/SNYK-JS-SNYKBROKER-570609",
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-JS-SNYKBROKER-570609"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"assignerShortName": "snyk",
"cveId": "CVE-2020-7650",
"datePublished": "2020-05-29T21:11:39",
"dateReserved": "2020-01-21T00:00:00",
"dateUpdated": "2024-08-04T09:33:19.992Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-7654 (GCVE-0-2020-7654)
Vulnerability from nvd – Published: 2020-05-29 21:09 – Updated: 2024-08-04 09:33
VLAI?
Summary
All versions of snyk-broker before 4.73.1 are vulnerable to Information Exposure. It logs private keys if logging level is set to DEBUG.
Severity ?
No CVSS data available.
CWE
- Information Exposure
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | snyk-broker |
Affected:
All versions before 4.73.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:33:20.023Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://updates.snyk.io/snyk-broker-security-fixes-152338"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://snyk.io/vuln/SNYK-JS-SNYKBROKER-570613"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "snyk-broker",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All versions before 4.73.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "All versions of snyk-broker before 4.73.1 are vulnerable to Information Exposure. It logs private keys if logging level is set to DEBUG."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Exposure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-29T21:09:15",
"orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"shortName": "snyk"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://updates.snyk.io/snyk-broker-security-fixes-152338"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://snyk.io/vuln/SNYK-JS-SNYKBROKER-570613"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "report@snyk.io",
"ID": "CVE-2020-7654",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "snyk-broker",
"version": {
"version_data": [
{
"version_value": "All versions before 4.73.1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "All versions of snyk-broker before 4.73.1 are vulnerable to Information Exposure. It logs private keys if logging level is set to DEBUG."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Exposure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://updates.snyk.io/snyk-broker-security-fixes-152338",
"refsource": "MISC",
"url": "https://updates.snyk.io/snyk-broker-security-fixes-152338"
},
{
"name": "https://snyk.io/vuln/SNYK-JS-SNYKBROKER-570613",
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-JS-SNYKBROKER-570613"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"assignerShortName": "snyk",
"cveId": "CVE-2020-7654",
"datePublished": "2020-05-29T21:09:15",
"dateReserved": "2020-01-21T00:00:00",
"dateUpdated": "2024-08-04T09:33:20.023Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-7648 (GCVE-0-2020-7648)
Vulnerability from nvd – Published: 2020-05-29 21:06 – Updated: 2024-08-04 09:33
VLAI?
Summary
All versions of snyk-broker before 4.72.2 are vulnerable to Arbitrary File Read. It allows arbitrary file reads for users who have access to Snyk's internal network by appending the URL with a fragment identifier and a whitelisted path e.g. `#package.json`
Severity ?
No CVSS data available.
CWE
- Arbitrary File Read
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | snyk-broker |
Affected:
All versions before 4.72.2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:33:19.989Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://updates.snyk.io/snyk-broker-security-fixes-152338"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://snyk.io/vuln/SNYK-JS-SNYKBROKER-570607"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "snyk-broker",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All versions before 4.72.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "All versions of snyk-broker before 4.72.2 are vulnerable to Arbitrary File Read. It allows arbitrary file reads for users who have access to Snyk\u0027s internal network by appending the URL with a fragment identifier and a whitelisted path e.g. `#package.json`"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Arbitrary File Read",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-29T21:06:49",
"orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"shortName": "snyk"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://updates.snyk.io/snyk-broker-security-fixes-152338"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://snyk.io/vuln/SNYK-JS-SNYKBROKER-570607"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "report@snyk.io",
"ID": "CVE-2020-7648",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "snyk-broker",
"version": {
"version_data": [
{
"version_value": "All versions before 4.72.2"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "All versions of snyk-broker before 4.72.2 are vulnerable to Arbitrary File Read. It allows arbitrary file reads for users who have access to Snyk\u0027s internal network by appending the URL with a fragment identifier and a whitelisted path e.g. `#package.json`"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Arbitrary File Read"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://updates.snyk.io/snyk-broker-security-fixes-152338",
"refsource": "MISC",
"url": "https://updates.snyk.io/snyk-broker-security-fixes-152338"
},
{
"name": "https://snyk.io/vuln/SNYK-JS-SNYKBROKER-570607",
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-JS-SNYKBROKER-570607"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"assignerShortName": "snyk",
"cveId": "CVE-2020-7648",
"datePublished": "2020-05-29T21:06:49",
"dateReserved": "2020-01-21T00:00:00",
"dateUpdated": "2024-08-04T09:33:19.989Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-7651 (GCVE-0-2020-7651)
Vulnerability from nvd – Published: 2020-05-29 20:53 – Updated: 2024-08-04 09:33
VLAI?
Summary
All versions of snyk-broker before 4.79.0 are vulnerable to Arbitrary File Read. It allows partial file reads for users who have access to Snyk's internal network via patch history from GitHub Commits API.
Severity ?
No CVSS data available.
CWE
- Arbitrary File Read
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | snyk-broker |
Affected:
all versions before 4.79.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:33:19.959Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://updates.snyk.io/snyk-broker-security-fixes-152338"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://snyk.io/vuln/SNYK-JS-SNYKBROKER-570610"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "snyk-broker",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "all versions before 4.79.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "All versions of snyk-broker before 4.79.0 are vulnerable to Arbitrary File Read. It allows partial file reads for users who have access to Snyk\u0027s internal network via patch history from GitHub Commits API."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Arbitrary File Read",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-29T20:53:29",
"orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"shortName": "snyk"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://updates.snyk.io/snyk-broker-security-fixes-152338"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://snyk.io/vuln/SNYK-JS-SNYKBROKER-570610"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "report@snyk.io",
"ID": "CVE-2020-7651",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "snyk-broker",
"version": {
"version_data": [
{
"version_value": "all versions before 4.79.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "All versions of snyk-broker before 4.79.0 are vulnerable to Arbitrary File Read. It allows partial file reads for users who have access to Snyk\u0027s internal network via patch history from GitHub Commits API."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Arbitrary File Read"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://updates.snyk.io/snyk-broker-security-fixes-152338",
"refsource": "MISC",
"url": "https://updates.snyk.io/snyk-broker-security-fixes-152338"
},
{
"name": "https://snyk.io/vuln/SNYK-JS-SNYKBROKER-570610",
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-JS-SNYKBROKER-570610"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"assignerShortName": "snyk",
"cveId": "CVE-2020-7651",
"datePublished": "2020-05-29T20:53:29",
"dateReserved": "2020-01-21T00:00:00",
"dateUpdated": "2024-08-04T09:33:19.959Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-7652 (GCVE-0-2020-7652)
Vulnerability from nvd – Published: 2020-05-29 20:46 – Updated: 2024-08-04 09:33
VLAI?
Summary
All versions of snyk-broker before 4.80.0 are vulnerable to Arbitrary File Read. It allows arbitrary file reads for users with access to Snyk's internal network via directory traversal.
Severity ?
No CVSS data available.
CWE
- Arbitrary File Read
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | snyk-broker |
Affected:
All versions before 4.80.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:33:19.957Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://updates.snyk.io/snyk-broker-security-fixes-152338"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://snyk.io/vuln/SNYK-JS-SNYKBROKER-570611"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "snyk-broker",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All versions before 4.80.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "All versions of snyk-broker before 4.80.0 are vulnerable to Arbitrary File Read. It allows arbitrary file reads for users with access to Snyk\u0027s internal network via directory traversal."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Arbitrary File Read",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-29T20:59:42",
"orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"shortName": "snyk"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://updates.snyk.io/snyk-broker-security-fixes-152338"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://snyk.io/vuln/SNYK-JS-SNYKBROKER-570611"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "report@snyk.io",
"ID": "CVE-2020-7652",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "snyk-broker",
"version": {
"version_data": [
{
"version_value": "All versions before 4.80.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "All versions of snyk-broker before 4.80.0 are vulnerable to Arbitrary File Read. It allows arbitrary file reads for users with access to Snyk\u0027s internal network via directory traversal."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Arbitrary File Read"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://updates.snyk.io/snyk-broker-security-fixes-152338",
"refsource": "MISC",
"url": "https://updates.snyk.io/snyk-broker-security-fixes-152338"
},
{
"name": "https://snyk.io/vuln/SNYK-JS-SNYKBROKER-570611",
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-JS-SNYKBROKER-570611"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"assignerShortName": "snyk",
"cveId": "CVE-2020-7652",
"datePublished": "2020-05-29T20:46:35",
"dateReserved": "2020-01-21T00:00:00",
"dateUpdated": "2024-08-04T09:33:19.957Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-7653 (GCVE-0-2020-7653)
Vulnerability from nvd – Published: 2020-05-29 20:40 – Updated: 2024-08-04 09:33
VLAI?
Summary
All versions of snyk-broker before 4.80.0 are vulnerable to Arbitrary File Read. It allows arbitrary file reads for users with access to Snyk's internal network by creating symlinks to match whitelisted paths.
Severity ?
No CVSS data available.
CWE
- Arbitrary File Read
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | snyk-broker |
Affected:
All versions before 4.80.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:33:19.963Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://snyk.io/vuln/SNYK-JS-SNYKBROKER-570612"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://updates.snyk.io/snyk-broker-security-fixes-152338"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "snyk-broker",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All versions before 4.80.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "All versions of snyk-broker before 4.80.0 are vulnerable to Arbitrary File Read. It allows arbitrary file reads for users with access to Snyk\u0027s internal network by creating symlinks to match whitelisted paths."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Arbitrary File Read",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-29T20:40:22",
"orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"shortName": "snyk"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://snyk.io/vuln/SNYK-JS-SNYKBROKER-570612"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://updates.snyk.io/snyk-broker-security-fixes-152338"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "report@snyk.io",
"ID": "CVE-2020-7653",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "snyk-broker",
"version": {
"version_data": [
{
"version_value": "All versions before 4.80.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "All versions of snyk-broker before 4.80.0 are vulnerable to Arbitrary File Read. It allows arbitrary file reads for users with access to Snyk\u0027s internal network by creating symlinks to match whitelisted paths."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Arbitrary File Read"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://snyk.io/vuln/SNYK-JS-SNYKBROKER-570612",
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-JS-SNYKBROKER-570612"
},
{
"name": "https://updates.snyk.io/snyk-broker-security-fixes-152338",
"refsource": "MISC",
"url": "https://updates.snyk.io/snyk-broker-security-fixes-152338"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"assignerShortName": "snyk",
"cveId": "CVE-2020-7653",
"datePublished": "2020-05-29T20:40:22",
"dateReserved": "2020-01-21T00:00:00",
"dateUpdated": "2024-08-04T09:33:19.963Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}