CVE-2020-17520

Опубликовано: 18 дек. 2020

Источник: nvd

CVSS3: 6.5

CVSS2: 4

EPSS Низкий

Описание

In the Pulsar manager 0.1.0 version, malicious users will be able to bypass pulsar-manager's admin, permission verification mechanism by constructing special URLs, thereby accessing any HTTP API.

Ссылки

https://lists.apache.org/thread.html/rb8b3025f8b507dec0b66791df408cdaf2d155866db1c7a1a4bc621cd%40%3Cdev.pulsar.apache.org%3E
Mailing List
Vendor Advisory
https://lists.apache.org/thread.html/rb8b3025f8b507dec0b66791df408cdaf2d155866db1c7a1a4bc621cd%40%3Cdev.pulsar.apache.org%3E
Mailing List
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:apache:pulsar_manager:0.1.0:*:*:*:*:*:*:*

EPSS

Процентиль: 48%

0.00246

Низкий

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

CVE-2020-17520

CVSS3: 9.1

redhat

около 5 лет назад

In the Pulsar manager 0.1.0 version, malicious users will be able to bypass pulsar-manager's admin, permission verification mechanism by constructing special URLs, thereby accessing any HTTP API.

GHSA-whwp-phv5-w844

github

больше 3 лет назад

In the Pulsar manager 0.1.0 version, malicious users will be able to bypass pulsar-manager's admin, permission verification mechanism by constructing special URLs, thereby accessing any HTTP API.

EPSS

Процентиль: 48%

0.00246

Низкий

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

NVD-CWE-noinfo