Описание
The dashboard in WhiteSource Application Vulnerability Management (AVM) before version 20.4.1 allows Log Injection via a %0A%0D substring in the idp parameter to the /saml/login URI. This closes the current log and creates a new log with one line of data. The attacker can also insert malicious data and false entries.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 20.4.1 (исключая)
cpe:2.3:a:whitesourcesoftware:whitesource:*:*:*:*:*:*:*:*
EPSS
Процентиль: 47%
0.00241
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-116
Связанные уязвимости
github
больше 3 лет назад
The dashboard in WhiteSource Application Vulnerability Management (AVM) before version 20.4.1 allows Log Injection via a %0A%0D substring in the idp parameter to the /saml/login URI. This closes the current log and creates a new log with one line of data. The attacker can also insert malicious data and false entries.
EPSS
Процентиль: 47%
0.00241
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-116