CVE-2020-27958

Опубликовано: 26 фев. 2022

Источник: nvd

CVSS3: 4.3

CVSS2: 4

EPSS Низкий

Описание

The Job Composer app in Ohio Supercomputer Center Open OnDemand before 1.7.19 and 1.8.x before 1.8.18 allows remote authenticated users to provide crafted input in a job template.

Ссылки

https://discourse.osc.edu/t/security-fix-in-open-ondemand-1-8-18-and-1-7-19-patch-releases-now-available/1198
Release Notes
Vendor Advisory
https://github.com/OSC/Open-OnDemand/commits/master
Release Notes
Third Party Advisory
https://listsprd.osu.edu/pipermail/ood-users/
Broken Link
Vendor Advisory
https://discourse.osc.edu/t/security-fix-in-open-ondemand-1-8-18-and-1-7-19-patch-releases-now-available/1198
Release Notes
Vendor Advisory
https://github.com/OSC/Open-OnDemand/commits/master
Release Notes
Third Party Advisory
https://listsprd.osu.edu/pipermail/ood-users/
Broken Link
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:osu:ohio_supercomputer_center_open_ondemand:*:*:*:*:*:*:*:*

Версия до 1.7.19 (исключая)

cpe:2.3:a:osu:ohio_supercomputer_center_open_ondemand:*:*:*:*:*:*:*:*

Версия от 1.8.0 (включая) до 1.8.18 (исключая)

EPSS

Процентиль: 44%

0.00216

Низкий

4.3 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-116

Связанные уязвимости

GHSA-hch8-2pjr-ghx6