• Type: Bug
• Resolution: Fixed
• Priority: High
• Fix Version/s: 7.3.1
• Affects Version/s: Companion-Legacy
• Component/s: Content - Edit Files / Companion
• Labels:

  • advisory
  • advisory-released
  • cve-2020-4020
  • cvss-high
  • injection
  • phase-2
  • rce
  • security
  • ssrf

[CONFSERVER-59733] Protection Mechanism Failure in file downloading in Companion - CVE-2020-4020

Collapse comment: Security Metrics Bot added a comment - 16/Apr/2020 8:37 PM

Security Metrics Bot added a comment - 16/Apr/2020 8:37 PM

This is an independent assessment and you should evaluate its applicability to your own IT environment.
CVSS v3 score: 8.4 => High severity

Exploitability Metrics

Attack Vector	Network
Attack Complexity	Low
Privileges Required	High
User Interaction	Required

Scope Metric

Scope	Changed

Impact Metrics

Confidentiality	High
Integrity	High
Availability	High

https://asecurityteam.bitbucket.io/cvss_v3/#CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H

Expand comment: Security Metrics Bot added a comment - 16/Apr/2020 8:37 PM

Security Metrics Bot added a comment - 16/Apr/2020 8:37 PM This is an independent assessment and you should evaluate its applicability to your own IT environment. CVSS v3 score: 8.4 => High severity Exploitability Metrics Attack Vector Network Attack Complexity Low Privileges Required High User Interaction Required Scope Metric Scope Changed Impact Metrics Confidentiality High Integrity High Availability High https://asecurityteam.bitbucket.io/cvss_v3/#CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H