CVE-2020-7652

Опубликовано: 29 мая 2020

Источник: nvd

CVSS3: 6.5

CVSS2: 4

EPSS Низкий

Описание

All versions of snyk-broker before 4.80.0 are vulnerable to Arbitrary File Read. It allows arbitrary file reads for users with access to Snyk's internal network via directory traversal.

Ссылки

https://snyk.io/vuln/SNYK-JS-SNYKBROKER-570611
Patch
Vendor Advisory
https://updates.snyk.io/snyk-broker-security-fixes-152338
Vendor Advisory
https://snyk.io/vuln/SNYK-JS-SNYKBROKER-570611
Patch
Vendor Advisory
https://updates.snyk.io/snyk-broker-security-fixes-152338
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:synk:broker:*:*:*:*:*:*:*:*

Версия до 4.80.0 (исключая)

EPSS

Процентиль: 61%

0.00406

Низкий

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-22

Связанные уязвимости

GHSA-x7m2-6g99-84w5