exploitDog

CVE-2020-26161

Опубликовано: 26 окт. 2020

Источник: nvd

CVSS3: 6.1

CVSS2: 5.8

EPSS Низкий

Описание

In Octopus Deploy through 2020.4.2, an attacker could redirect users to an external site via a modified HTTP Host header.

Ссылки

https://github.com/OctopusDeploy
Third Party Advisory
https://github.com/OctopusDeploy/Issues/issues/6622
Issue Tracking
Third Party Advisory
https://github.com/OctopusDeploy/Issues/issues/6627
Issue Tracking
Third Party Advisory
https://github.com/OctopusDeploy
Third Party Advisory
https://github.com/OctopusDeploy/Issues/issues/6622
Issue Tracking
Third Party Advisory
https://github.com/OctopusDeploy/Issues/issues/6627
Issue Tracking
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:octopus:octopus_deploy:*:*:*:*:*:*:*:*

Версия от 2019.8.2 (включая) до 2020.4.2 (включая)

EPSS

Процентиль: 45%

0.0023

Низкий

6.1 Medium

CVSS3

5.8 Medium

CVSS2

Дефекты

CWE-601

Связанные уязвимости

GHSA-6ccf-f672-cpvv

CVSS3: 6.1

github

больше 3 лет назад

In Octopus Deploy through 2020.4.2, an attacker could redirect users to an external site via a modified HTTP Host header.

EPSS

Процентиль: 45%

0.0023

Низкий

6.1 Medium

CVSS3

5.8 Medium

CVSS2

Дефекты

CWE-601