exploitDog

CVE-2020-15952

Опубликовано: 05 нояб. 2020

Источник: nvd

CVSS3: 9

CVSS2: 6

EPSS Низкий

Описание

Immuta v2.8.2 is affected by stored XSS that allows a low-privileged user to escalate privileges to administrative permissions. Additionally, unauthenticated attackers can phish unauthenticated Immuta users to steal credentials or force actions on authenticated users through reflected, DOM-based XSS.

Ссылки

https://labs.bishopfox.com/advisories
Exploit
Third Party Advisory
https://labs.bishopfox.com/advisories/immuta-version-2.8.2
Release Notes
Third Party Advisory
https://www.immuta.com/
Product
https://labs.bishopfox.com/advisories
Exploit
Third Party Advisory
https://labs.bishopfox.com/advisories/immuta-version-2.8.2
Release Notes
Third Party Advisory
https://www.immuta.com/
Product

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:immuta:immuta:2.8.2:*:*:*:*:*:*:*

EPSS

Процентиль: 77%

0.01009

Низкий

9 Critical

CVSS3

6 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-6vmv-5g75-qpqc

github

больше 3 лет назад

Immuta v2.8.2 is affected by stored XSS that allows a low-privileged user to escalate privileges to administrative permissions. Additionally, unauthenticated attackers can phish unauthenticated Immuta users to steal credentials or force actions on authenticated users through reflected, DOM-based XSS.

EPSS

Процентиль: 77%

0.01009

Низкий

9 Critical

CVSS3

6 Medium

CVSS2

Дефекты

CWE-79