exploitDog

CVE-2020-21990

Опубликовано: 29 апр. 2021

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

Emmanuel MyDomoAtHome (MDAH) REST API REST API Domoticz ISS Gateway 0.2.40 is affected by an information disclosure vulnerability due to improper access control enforcement. An unauthenticated remote attacker can exploit this, via a specially crafted request to gain access to sensitive information.

Ссылки

https://www.exploit-db.com/exploits/47824
Exploit
Third Party Advisory
VDB Entry
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5555.php
Exploit
Third Party Advisory
https://www.exploit-db.com/exploits/47824
Exploit
Third Party Advisory
VDB Entry
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5555.php
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:domoticz:mydomoathome:0.240:*:*:*:*:node.js:*:*

EPSS

Процентиль: 79%

0.01308

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-863

Связанные уязвимости

GHSA-x5c3-r34h-xf45

github

больше 3 лет назад

Emmanuel MyDomoAtHome (MDAH) REST API REST API Domoticz ISS Gateway 0.2.40 is affected by an information disclosure vulnerability due to improper access control enforcement. An unauthenticated remote attacker can exploit this, via a specially crafted request to gain access to sensitive information.

EPSS

Процентиль: 79%

0.01308

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-863