CVE-2020-26246

Опубликовано: 03 дек. 2020

Источник: nvd

CVSS3: 7.7

CVSS3: 6.5

CVSS2: 4

EPSS Низкий

Описание

Pimcore is an open source digital experience platform. In Pimcore before version 6.8.5 it is possible to modify & create website settings without having the appropriate permissions.

Ссылки

https://github.com/pimcore/pimcore/pull/7618
Patch
Third Party Advisory
https://github.com/pimcore/pimcore/security/advisories/GHSA-7p8p-4253-3mg6
Third Party Advisory
https://github.com/pimcore/pimcore/pull/7618
Patch
Third Party Advisory
https://github.com/pimcore/pimcore/security/advisories/GHSA-7p8p-4253-3mg6
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:pimcore:pimcore:*:*:*:*:*:*:*:*

Версия до 6.8.5 (исключая)

EPSS

Процентиль: 1%

0.00011

Низкий

7.7 High

CVSS3

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-285

CWE-281

EPSS

Процентиль: 1%

0.00011

Низкий

7.7 High

CVSS3

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-285

CWE-281