cvelistv5 - cve-2020-5230

CVE-2020-5230 (GCVE-0-2020-5230)

Vulnerability from cvelistv5 – Published: 2020-01-30 20:55 – Updated: 2024-08-04 08:22

Summary

Opencast before 8.1 and 7.6 allows almost arbitrary identifiers for media packages and elements to be used. This can be problematic for operation and security since such identifiers are sometimes used for file system operations which may lead to an attacker being able to escape working directories and write files to other locations. In addition, Opencast's Id.toString(…) vs Id.compact(…) behavior, the latter trying to mitigate some of the file system problems, can cause errors due to identifier mismatch since an identifier may unintentionally change. This issue is fixed in Opencast 7.6 and 8.1.

Severity ?

7.7 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N

CWE

CWE-99 - Improper Control of Resource Identifiers ('Resource Injection')

Assigner

GitHub_M

References

URL

Tags

	https://github.com/opencast/opencast/security/adv…	x_refsource_CONFIRM
	https://github.com/opencast/opencast/commit/bbb47…	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	opencast	opencast	Affected: < 7.6 Affected: >= 8.0, < 8.1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T08:22:09.097Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/opencast/opencast/security/advisories/GHSA-w29m-fjp4-qhmq"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/opencast/opencast/commit/bbb473f34ab95497d6c432c81285efb0c739f317"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "opencast",
          "vendor": "opencast",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 7.6"
            },
            {
              "status": "affected",
              "version": "\u003e= 8.0, \u003c 8.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Opencast before 8.1 and 7.6 allows almost arbitrary identifiers for media packages and elements to be used. This can be problematic for operation and security since such identifiers are sometimes used for file system operations which may lead to an attacker being able to escape working directories and write files to other locations. In addition, Opencast\u0027s Id.toString(\u2026) vs Id.compact(\u2026) behavior, the latter trying to mitigate some of the file system problems, can cause errors due to identifier mismatch since an identifier may unintentionally change. This issue is fixed in Opencast 7.6 and 8.1."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-99",
              "description": "CWE-99: Improper Control of Resource Identifiers (\u0027Resource Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-01-30T20:55:14",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/opencast/opencast/security/advisories/GHSA-w29m-fjp4-qhmq"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/opencast/opencast/commit/bbb473f34ab95497d6c432c81285efb0c739f317"
        }
      ],
      "source": {
        "advisory": "GHSA-w29m-fjp4-qhmq",
        "discovery": "UNKNOWN"
      },
      "title": "Opencast uses unsafe identifiers",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2020-5230",
          "STATE": "PUBLIC",
          "TITLE": "Opencast uses unsafe identifiers"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "opencast",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\u003c 7.6"
                          },
                          {
                            "version_value": "\u003e= 8.0, \u003c 8.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "opencast"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Opencast before 8.1 and 7.6 allows almost arbitrary identifiers for media packages and elements to be used. This can be problematic for operation and security since such identifiers are sometimes used for file system operations which may lead to an attacker being able to escape working directories and write files to other locations. In addition, Opencast\u0027s Id.toString(\u2026) vs Id.compact(\u2026) behavior, the latter trying to mitigate some of the file system problems, can cause errors due to identifier mismatch since an identifier may unintentionally change. This issue is fixed in Opencast 7.6 and 8.1."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-99: Improper Control of Resource Identifiers (\u0027Resource Injection\u0027)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/opencast/opencast/security/advisories/GHSA-w29m-fjp4-qhmq",
              "refsource": "CONFIRM",
              "url": "https://github.com/opencast/opencast/security/advisories/GHSA-w29m-fjp4-qhmq"
            },
            {
              "name": "https://github.com/opencast/opencast/commit/bbb473f34ab95497d6c432c81285efb0c739f317",
              "refsource": "MISC",
              "url": "https://github.com/opencast/opencast/commit/bbb473f34ab95497d6c432c81285efb0c739f317"
            }
          ]
        },
        "source": {
          "advisory": "GHSA-w29m-fjp4-qhmq",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2020-5230",
    "datePublished": "2020-01-30T20:55:14",
    "dateReserved": "2020-01-02T00:00:00",
    "dateUpdated": "2024-08-04T08:22:09.097Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apereo:opencast:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"7.6\", \"matchCriteriaId\": \"7056094F-6E63-4BFB-B8A3-125746BA882C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apereo:opencast:8.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4A82AABB-ACF6-4017-99E8-4DA90CE416D7\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Opencast before 8.1 and 7.6 allows almost arbitrary identifiers for media packages and elements to be used. This can be problematic for operation and security since such identifiers are sometimes used for file system operations which may lead to an attacker being able to escape working directories and write files to other locations. In addition, Opencast\u0027s Id.toString(\\u2026) vs Id.compact(\\u2026) behavior, the latter trying to mitigate some of the file system problems, can cause errors due to identifier mismatch since an identifier may unintentionally change. This issue is fixed in Opencast 7.6 and 8.1.\"}, {\"lang\": \"es\", \"value\": \"Opencast anterior a las versiones  8.1 y 7.6 permite utilizar identificadores casi arbitrarios para paquetes y elementos de medios. Esto puede ser problem\\u00e1tico para la operaci\\u00f3n y la seguridad, ya que tales identificadores a veces se usan para las operaciones del sistema de archivos, lo que puede llevar a un atacante a escapar de directorios de trabajo y escribir archivos en otras ubicaciones. Adem\\u00e1s, el comportamiento Id.toString (...) vs Id.compact (...) de Opencast, este \\u00faltimo tratando de mitigar algunos de los problemas del sistema de archivos, puede causar errores debido a la falta de coincidencia del identificador ya que un identificador puede cambiar involuntariamente. Este problema se soluciona en Opencast 7.6 y 8.1.\"}]",
      "id": "CVE-2020-5230",
      "lastModified": "2024-11-21T05:33:43.470",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"security-advisories@github.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N\", \"baseScore\": 7.7, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"REQUIRED\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 1.3, \"impactScore\": 5.8}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:N/I:P/A:N\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2020-01-30T21:15:15.167",
      "references": "[{\"url\": \"https://github.com/opencast/opencast/commit/bbb473f34ab95497d6c432c81285efb0c739f317\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/opencast/opencast/security/advisories/GHSA-w29m-fjp4-qhmq\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://github.com/opencast/opencast/commit/bbb473f34ab95497d6c432c81285efb0c739f317\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/opencast/opencast/security/advisories/GHSA-w29m-fjp4-qhmq\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
      "sourceIdentifier": "security-advisories@github.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"security-advisories@github.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-99\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-74\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2020-5230\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2020-01-30T21:15:15.167\",\"lastModified\":\"2024-11-21T05:33:43.470\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Opencast before 8.1 and 7.6 allows almost arbitrary identifiers for media packages and elements to be used. This can be problematic for operation and security since such identifiers are sometimes used for file system operations which may lead to an attacker being able to escape working directories and write files to other locations. In addition, Opencast\u0027s Id.toString(\u2026) vs Id.compact(\u2026) behavior, the latter trying to mitigate some of the file system problems, can cause errors due to identifier mismatch since an identifier may unintentionally change. This issue is fixed in Opencast 7.6 and 8.1.\"},{\"lang\":\"es\",\"value\":\"Opencast anterior a las versiones  8.1 y 7.6 permite utilizar identificadores casi arbitrarios para paquetes y elementos de medios. Esto puede ser problem\u00e1tico para la operaci\u00f3n y la seguridad, ya que tales identificadores a veces se usan para las operaciones del sistema de archivos, lo que puede llevar a un atacante a escapar de directorios de trabajo y escribir archivos en otras ubicaciones. Adem\u00e1s, el comportamiento Id.toString (...) vs Id.compact (...) de Opencast, este \u00faltimo tratando de mitigar algunos de los problemas del sistema de archivos, puede causar errores debido a la falta de coincidencia del identificador ya que un identificador puede cambiar involuntariamente. Este problema se soluciona en Opencast 7.6 y 8.1.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N\",\"baseScore\":7.7,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.3,\"impactScore\":5.8},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:P/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-99\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-74\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apereo:opencast:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"7.6\",\"matchCriteriaId\":\"7056094F-6E63-4BFB-B8A3-125746BA882C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apereo:opencast:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4A82AABB-ACF6-4017-99E8-4DA90CE416D7\"}]}]}],\"references\":[{\"url\":\"https://github.com/opencast/opencast/commit/bbb473f34ab95497d6c432c81285efb0c739f317\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/opencast/opencast/security/advisories/GHSA-w29m-fjp4-qhmq\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/opencast/opencast/commit/bbb473f34ab95497d6c432c81285efb0c739f317\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/opencast/opencast/security/advisories/GHSA-w29m-fjp4-qhmq\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
  }
}

FKIE_CVE-2020-5230

Vulnerability from fkie_nvd - Published: 2020-01-30 21:15 - Updated: 2024-11-21 05:33

Severity ?

7.7 (High) - CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Summary

References

URL	Tags
security-advisories@github.com	https://github.com/opencast/opencast/commit/bbb473f34ab95497d6c432c81285efb0c739f317	Patch
security-advisories@github.com	https://github.com/opencast/opencast/security/advisories/GHSA-w29m-fjp4-qhmq	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/opencast/opencast/commit/bbb473f34ab95497d6c432c81285efb0c739f317	Patch
af854a3a-2127-422b-91ae-364da2661108	https://github.com/opencast/opencast/security/advisories/GHSA-w29m-fjp4-qhmq	Third Party Advisory

Impacted products

	Vendor	Product	Version
	apereo	opencast	*
	apereo	opencast	8.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apereo:opencast:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7056094F-6E63-4BFB-B8A3-125746BA882C",
              "versionEndExcluding": "7.6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apereo:opencast:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A82AABB-ACF6-4017-99E8-4DA90CE416D7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Opencast before 8.1 and 7.6 allows almost arbitrary identifiers for media packages and elements to be used. This can be problematic for operation and security since such identifiers are sometimes used for file system operations which may lead to an attacker being able to escape working directories and write files to other locations. In addition, Opencast\u0027s Id.toString(\u2026) vs Id.compact(\u2026) behavior, the latter trying to mitigate some of the file system problems, can cause errors due to identifier mismatch since an identifier may unintentionally change. This issue is fixed in Opencast 7.6 and 8.1."
    },
    {
      "lang": "es",
      "value": "Opencast anterior a las versiones  8.1 y 7.6 permite utilizar identificadores casi arbitrarios para paquetes y elementos de medios. Esto puede ser problem\u00e1tico para la operaci\u00f3n y la seguridad, ya que tales identificadores a veces se usan para las operaciones del sistema de archivos, lo que puede llevar a un atacante a escapar de directorios de trabajo y escribir archivos en otras ubicaciones. Adem\u00e1s, el comportamiento Id.toString (...) vs Id.compact (...) de Opencast, este \u00faltimo tratando de mitigar algunos de los problemas del sistema de archivos, puede causar errores debido a la falta de coincidencia del identificador ya que un identificador puede cambiar involuntariamente. Este problema se soluciona en Opencast 7.6 y 8.1."
    }
  ],
  "id": "CVE-2020-5230",
  "lastModified": "2024-11-21T05:33:43.470",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.7,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.3,
        "impactScore": 5.8,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-01-30T21:15:15.167",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/opencast/opencast/commit/bbb473f34ab95497d6c432c81285efb0c739f317"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/opencast/opencast/security/advisories/GHSA-w29m-fjp4-qhmq"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/opencast/opencast/commit/bbb473f34ab95497d6c432c81285efb0c739f317"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/opencast/opencast/security/advisories/GHSA-w29m-fjp4-qhmq"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-99"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-74"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-W29M-FJP4-QHMQ

Vulnerability from github – Published: 2020-01-30 21:21 – Updated: 2021-01-14 17:45

Summary

Unsafe Identifiers in Opencast

Details

Impact

Opencast allows almost arbitrary identifiers for media packages and elements to be used. This can be problematic for operation and security since such identifiers are sometimes used for file system operations which may lead to an attacker being able to escape working directories and write files to other locations.

In addition, Opencast's Id.toString(…) vs Id.compact(…) behavior, the latter trying to mitigate some of the file system problems, can cause errors due to identifier mismatch since an identifier may unintentionally change.

Patches

This issue is fixed in Opencast 7.6 and 8.1.

Workarounds

There is no workaround for this.

For more information

If you have any questions or comments about this advisory:

Open an issue in opencast/opencast
For security-relevant information, email us at security@opencast.org

Severity ?

7.7 (High)


                  
                    CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.opencastproject:base"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.opencastproject:base"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "8.0"
            },
            {
              "fixed": "8.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2020-5230"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-99"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2020-01-30T20:35:35Z",
    "nvd_published_at": null,
    "severity": "MODERATE"
  },
  "details": "### Impact\n\nOpencast allows almost arbitrary identifiers for media packages and\nelements to be used. This can be problematic for operation and security\nsince such identifiers are sometimes used for file system operations\nwhich may lead to an attacker being able to escape working directories and\nwrite files to other locations.\n\nIn addition, Opencast\u0027s Id.toString(\u2026) vs Id.compact(\u2026) behavior,\nthe latter trying to mitigate some of the file system problems, can\ncause errors due to identifier mismatch since an identifier may\nunintentionally change.\n\n### Patches\n\nThis issue is fixed in Opencast 7.6 and 8.1.\n\n### Workarounds\n\nThere is no workaround for this.\n\n### For more information\n\nIf you have any questions or comments about this advisory:\n\n- Open an issue in [opencast/opencast](https://github.com/opencast/opencast/issues)\n- For security-relevant information, email us at security@opencast.org",
  "id": "GHSA-w29m-fjp4-qhmq",
  "modified": "2021-01-14T17:45:47Z",
  "published": "2020-01-30T21:21:50Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/opencast/opencast/security/advisories/GHSA-w29m-fjp4-qhmq"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-5230"
    },
    {
      "type": "WEB",
      "url": "https://github.com/opencast/opencast/commit/bbb473f34ab95497d6c432c81285efb0c739f317"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Unsafe Identifiers in Opencast"
}

CNVD-2020-12673

Vulnerability from cnvd - Published: 2020-02-18

Title

Opencast存在未明漏洞

Description

Opencast是一套免费的开源视频管理解决方案，它具有可扩展、可定制和低成本等特点。 Opencast中存在安全漏洞。该漏洞源于用户输入构造命令、数据结构或记录的操作过程中，网络系统或产品缺乏对用户输入数据的正确验证，未过滤或未正确过滤掉其中的特殊元素，导致系统或产品产生解析或解释方式错误。目前没有详细的漏洞细节提供。

Severity

中

Patch Name

Opencast存在未明漏洞的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://github.com/opencast/opencast/security/advisories/GHSA-w29m-fjp4-qhmq

Reference

https://github.com/opencast/opencast/commit/bbb473f34ab95497d6c432c81285efb0c739f317

Impacted products

Name
['Opencast Opencast <8.1', 'Opencast Opencast <7.6']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-5230",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2020-5230"
    }
  },
  "description": "Opencast\u662f\u4e00\u5957\u514d\u8d39\u7684\u5f00\u6e90\u89c6\u9891\u7ba1\u7406\u89e3\u51b3\u65b9\u6848\uff0c\u5b83\u5177\u6709\u53ef\u6269\u5c55\u3001\u53ef\u5b9a\u5236\u548c\u4f4e\u6210\u672c\u7b49\u7279\u70b9\u3002\n\nOpencast\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7528\u6237\u8f93\u5165\u6784\u9020\u547d\u4ee4\u3001\u6570\u636e\u7ed3\u6784\u6216\u8bb0\u5f55\u7684\u64cd\u4f5c\u8fc7\u7a0b\u4e2d\uff0c\u7f51\u7edc\u7cfb\u7edf\u6216\u4ea7\u54c1\u7f3a\u4e4f\u5bf9\u7528\u6237\u8f93\u5165\u6570\u636e\u7684\u6b63\u786e\u9a8c\u8bc1\uff0c\u672a\u8fc7\u6ee4\u6216\u672a\u6b63\u786e\u8fc7\u6ee4\u6389\u5176\u4e2d\u7684\u7279\u6b8a\u5143\u7d20\uff0c\u5bfc\u81f4\u7cfb\u7edf\u6216\u4ea7\u54c1\u4ea7\u751f\u89e3\u6790\u6216\u89e3\u91ca\u65b9\u5f0f\u9519\u8bef\u3002\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u7684\u6f0f\u6d1e\u7ec6\u8282\u63d0\u4f9b\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://github.com/opencast/opencast/security/advisories/GHSA-w29m-fjp4-qhmq",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-12673",
  "openTime": "2020-02-18",
  "patchDescription": "Opencast\u662f\u4e00\u5957\u514d\u8d39\u7684\u5f00\u6e90\u89c6\u9891\u7ba1\u7406\u89e3\u51b3\u65b9\u6848\uff0c\u5b83\u5177\u6709\u53ef\u6269\u5c55\u3001\u53ef\u5b9a\u5236\u548c\u4f4e\u6210\u672c\u7b49\u7279\u70b9\u3002\r\n\r\nOpencast\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7528\u6237\u8f93\u5165\u6784\u9020\u547d\u4ee4\u3001\u6570\u636e\u7ed3\u6784\u6216\u8bb0\u5f55\u7684\u64cd\u4f5c\u8fc7\u7a0b\u4e2d\uff0c\u7f51\u7edc\u7cfb\u7edf\u6216\u4ea7\u54c1\u7f3a\u4e4f\u5bf9\u7528\u6237\u8f93\u5165\u6570\u636e\u7684\u6b63\u786e\u9a8c\u8bc1\uff0c\u672a\u8fc7\u6ee4\u6216\u672a\u6b63\u786e\u8fc7\u6ee4\u6389\u5176\u4e2d\u7684\u7279\u6b8a\u5143\u7d20\uff0c\u5bfc\u81f4\u7cfb\u7edf\u6216\u4ea7\u54c1\u4ea7\u751f\u89e3\u6790\u6216\u89e3\u91ca\u65b9\u5f0f\u9519\u8bef\u3002\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u7684\u6f0f\u6d1e\u7ec6\u8282\u63d0\u4f9b\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Opencast\u5b58\u5728\u672a\u660e\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Opencast Opencast \u003c8.1",
      "Opencast Opencast \u003c7.6"
    ]
  },
  "referenceLink": "https://github.com/opencast/opencast/commit/bbb473f34ab95497d6c432c81285efb0c739f317",
  "serverity": "\u4e2d",
  "submitTime": "2020-02-14",
  "title": "Opencast\u5b58\u5728\u672a\u660e\u6f0f\u6d1e"
}

GSD-2020-5230

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2020-5230

Aliases

CVE-2020-5230

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2020-5230",
    "description": "Opencast before 8.1 and 7.6 allows almost arbitrary identifiers for media packages and elements to be used. This can be problematic for operation and security since such identifiers are sometimes used for file system operations which may lead to an attacker being able to escape working directories and write files to other locations. In addition, Opencast\u0027s Id.toString(\u2026) vs Id.compact(\u2026) behavior, the latter trying to mitigate some of the file system problems, can cause errors due to identifier mismatch since an identifier may unintentionally change. This issue is fixed in Opencast 7.6 and 8.1.",
    "id": "GSD-2020-5230"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2020-5230"
      ],
      "details": "Opencast before 8.1 and 7.6 allows almost arbitrary identifiers for media packages and elements to be used. This can be problematic for operation and security since such identifiers are sometimes used for file system operations which may lead to an attacker being able to escape working directories and write files to other locations. In addition, Opencast\u0027s Id.toString(\u2026) vs Id.compact(\u2026) behavior, the latter trying to mitigate some of the file system problems, can cause errors due to identifier mismatch since an identifier may unintentionally change. This issue is fixed in Opencast 7.6 and 8.1.",
      "id": "GSD-2020-5230",
      "modified": "2023-12-13T01:22:03.127777Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security-advisories@github.com",
        "ID": "CVE-2020-5230",
        "STATE": "PUBLIC",
        "TITLE": "Opencast uses unsafe identifiers"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "opencast",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "\u003c 7.6"
                        },
                        {
                          "version_value": "\u003e= 8.0, \u003c 8.1"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "opencast"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Opencast before 8.1 and 7.6 allows almost arbitrary identifiers for media packages and elements to be used. This can be problematic for operation and security since such identifiers are sometimes used for file system operations which may lead to an attacker being able to escape working directories and write files to other locations. In addition, Opencast\u0027s Id.toString(\u2026) vs Id.compact(\u2026) behavior, the latter trying to mitigate some of the file system problems, can cause errors due to identifier mismatch since an identifier may unintentionally change. This issue is fixed in Opencast 7.6 and 8.1."
          }
        ]
      },
      "impact": {
        "cvss": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.7,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N",
          "version": "3.1"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-99: Improper Control of Resource Identifiers (\u0027Resource Injection\u0027)"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://github.com/opencast/opencast/security/advisories/GHSA-w29m-fjp4-qhmq",
            "refsource": "CONFIRM",
            "url": "https://github.com/opencast/opencast/security/advisories/GHSA-w29m-fjp4-qhmq"
          },
          {
            "name": "https://github.com/opencast/opencast/commit/bbb473f34ab95497d6c432c81285efb0c739f317",
            "refsource": "MISC",
            "url": "https://github.com/opencast/opencast/commit/bbb473f34ab95497d6c432c81285efb0c739f317"
          }
        ]
      },
      "source": {
        "advisory": "GHSA-w29m-fjp4-qhmq",
        "discovery": "UNKNOWN"
      }
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "(,7.6),[8.0,8.1)",
          "affected_versions": "All versions before 7.6, all versions starting from 8.0 before 8.1",
          "cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
          "cwe_ids": [
            "CWE-1035",
            "CWE-74",
            "CWE-937"
          ],
          "date": "2021-01-14",
          "description": "Opencast before 8.1 and 7.6 allows almost arbitrary identifiers for media packages and elements to be used. This can be problematic for operation and security since such identifiers are sometimes used for file system operations which may lead to an attacker being able to escape working directories and write files to other locations. In addition, Opencast\u0027s Id.toString(\u2026) vs Id.compact(\u2026) behavior, the latter trying to mitigate some of the file system problems, can cause errors due to identifier mismatch since an identifier may unintentionally change. This issue is fixed in Opencast 7.6 and 8.1.",
          "fixed_versions": [
            "7.6",
            "8.1"
          ],
          "identifier": "CVE-2020-5230",
          "identifiers": [
            "GHSA-w29m-fjp4-qhmq",
            "CVE-2020-5230"
          ],
          "not_impacted": "All versions starting from 7.6 before 8.0, all versions starting from 8.1",
          "package_slug": "maven/org.opencastproject/base",
          "pubdate": "2020-01-30",
          "solution": "Upgrade to versions 7.6, 8.1 or above.",
          "title": "Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)",
          "urls": [
            "https://github.com/opencast/opencast/security/advisories/GHSA-w29m-fjp4-qhmq",
            "https://github.com/opencast/opencast/commit/bbb473f34ab95497d6c432c81285efb0c739f317",
            "https://nvd.nist.gov/vuln/detail/CVE-2020-5230",
            "https://github.com/advisories/GHSA-w29m-fjp4-qhmq"
          ],
          "uuid": "ea3951a6-5b0c-4120-af5d-76f90d15d742"
        },
        {
          "affected_range": "(,7.6),[8.0]",
          "affected_versions": "All versions before 7.6, version 8.0",
          "cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
          "cwe_ids": [
            "CWE-1035",
            "CWE-74",
            "CWE-937"
          ],
          "date": "2020-02-10",
          "description": "Opencast allows near-arbitrary identifiers for media packages and elements to be used. This can be problematic for operation and security since such identifiers are sometimes used for file system operations which may lead to an attacker being able to escape working directories and write files to other locations. In addition, Opencast\u0027s `Id.toString()` vs `Id.compact()` behavior, the latter trying to mitigate some of the file system problems, can cause errors due to identifier mismatch since an identifier may unintentionally change.",
          "fixed_versions": [
            "7.6",
            "8.1"
          ],
          "identifier": "CVE-2020-5230",
          "identifiers": [
            "CVE-2020-5230",
            "GHSA-w29m-fjp4-qhmq"
          ],
          "not_impacted": "All versions starting from 7.6 before 8.0, all versions after 8.0",
          "package_slug": "maven/org.opencastproject/opencast-common",
          "pubdate": "2020-01-30",
          "solution": "Upgrade to versions 7.6, 8.1 or above.",
          "title": "Injection Vulnerability",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2020-5230"
          ],
          "uuid": "ab6bbfdf-9798-4a01-8a47-01ec37557fce"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:apereo:opencast:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "7.6",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apereo:opencast:8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2020-5230"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Opencast before 8.1 and 7.6 allows almost arbitrary identifiers for media packages and elements to be used. This can be problematic for operation and security since such identifiers are sometimes used for file system operations which may lead to an attacker being able to escape working directories and write files to other locations. In addition, Opencast\u0027s Id.toString(\u2026) vs Id.compact(\u2026) behavior, the latter trying to mitigate some of the file system problems, can cause errors due to identifier mismatch since an identifier may unintentionally change. This issue is fixed in Opencast 7.6 and 8.1."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-74"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/opencast/opencast/security/advisories/GHSA-w29m-fjp4-qhmq",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://github.com/opencast/opencast/security/advisories/GHSA-w29m-fjp4-qhmq"
            },
            {
              "name": "https://github.com/opencast/opencast/commit/bbb473f34ab95497d6c432c81285efb0c739f317",
              "refsource": "MISC",
              "tags": [
                "Patch"
              ],
              "url": "https://github.com/opencast/opencast/commit/bbb473f34ab95497d6c432c81285efb0c739f317"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2020-02-10T21:55Z",
      "publishedDate": "2020-01-30T21:15Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2020-5230 (GCVE-0-2020-5230)

FKIE_CVE-2020-5230

GHSA-W29M-FJP4-QHMQ

Impact

Patches

Workarounds

For more information

CNVD-2020-12673

GSD-2020-5230

Tags

Sightings

Nomenclature