CVE-2020-26205

Опубликовано: 29 окт. 2020

Источник: nvd

CVSS3: 7.6

CVSS3: 5.4

CVSS2: 3.5

EPSS Низкий

Описание

Sal is a multi-tenanted reporting dashboard for Munki with the ability to display information from Facter. In Sal through version 4.1.6 there is an XSS vulnerability on the machine_list view.

Ссылки

https://github.com/salopensource/sal/commit/145bb72daf8460bdedbbc9fb708d346283e7a568
Patch
Third Party Advisory
https://github.com/salopensource/sal/pull/405
Third Party Advisory
https://github.com/salopensource/sal/commit/145bb72daf8460bdedbbc9fb708d346283e7a568
Patch
Third Party Advisory
https://github.com/salopensource/sal/pull/405
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:sal_project:sal:*:*:*:*:*:*:*:*

Версия до 4.1.6 (включая)

EPSS

Процентиль: 37%

0.00162

Низкий

7.6 High

CVSS3

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-8h77-x5wf-wqr6

github

больше 3 лет назад

Sal is a multi-tenanted reporting dashboard for Munki with the ability to display information from Facter. In Sal through version 4.1.6 there is an XSS vulnerability on the machine_list view.

EPSS

Процентиль: 37%

0.00162

Низкий

7.6 High

CVSS3

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79