exploitDog

GHSA-h3w9-w8vh-9fqg

Опубликовано: 24 мая 2022

Источник: github

Github: Не прошло ревью

CVSS3: 8.1

Описание

In versions 13.1.0-13.1.3.3, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, the BIG-IP system does not properly enforce the access controls for the scp.blacklist files. This allows Admin and Resource Admin users with Secure Copy (SCP) protocol access to read and overwrite blacklisted files via SCP.

In versions 13.1.0-13.1.3.3, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, the BIG-IP system does not properly enforce the access controls for the scp.blacklist files. This allows Admin and Resource Admin users with Secure Copy (SCP) protocol access to read and overwrite blacklisted files via SCP.

Ссылки

EPSS

Процентиль: 33%

0.00131

Низкий

8.1 High

CVSS3

CVE ID

Дефекты

CWE-276

Связанные уязвимости

CVE-2020-5906

CVSS3: 8.1

nvd

больше 5 лет назад

In versions 13.1.0-13.1.3.3, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, the BIG-IP system does not properly enforce the access controls for the scp.blacklist files. This allows Admin and Resource Admin users with Secure Copy (SCP) protocol access to read and overwrite blacklisted files via SCP.

EPSS

Процентиль: 33%

0.00131

Низкий

8.1 High

CVSS3

CVE ID

Дефекты

CWE-276