Lucene search

CVE-2020-15679

🗓️ 22 Dec 2022 20:10:15Reported by mozillaType

OAuth session fixation vulnerability in VPN login flow allowing unauthorized acces

5 of 5AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 6
OSV	CVE-2020-15679	22 Dec 202220:15	–	osv
Mozilla	OAuth session fixation vulnerability in Mozilla VPN — Mozilla	4 Nov 202000:00	–	mozilla
Vulnrichment	CVE-2020-15679	22 Dec 202200:00	–	vulnrichment
Prion	Session fixation	22 Dec 202220:15	–	prion
Cvelist	CVE-2020-15679	22 Dec 202200:00	–	cvelist
NVD	CVE-2020-15679	22 Dec 202220:15	–	nvd

Nvd

Vulners

Node

mozilla vpnRange<1.0.7_(929)iphone_os

mozilla vpnRange<1.2.2windows

mozilla vpnRange1.0.7–1.0.7_(929)ipados

mozilla vpnRange1.1.0–1.1.0_(1360)android

[
  {
    "vendor": "Mozilla",
    "product": "Mozilla VPN iOS 1.0.7",
    "versions": [
      {
        "version": "unspecified",
        "lessThan": "(929)",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  },
  {
    "vendor": "Mozilla",
    "product": "Mozilla VPN Windows",
    "versions": [
      {
        "version": "unspecified",
        "lessThan": "1.2.2",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  },
  {
    "vendor": "Mozilla",
    "product": "Mozilla VPN Android 1.1.0",
    "versions": [
      {
        "version": "unspecified",
        "lessThan": "(1360)",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
github	www.github.com/mozilla-services/guardian-vpn-windows/commit/ac6f562973a83f6758cd7ab7aa313e863047d41b
mozilla	www.mozilla.org/security/advisories/mfsa2020-48/
github	www.github.com/mozilla-mobile/guardian-vpn-android/commit/981c840276ef3aee98cf5d42993d484ee99b28d9
github	www.github.com/mozilla-mobile/guardian-vpn-ios/commit/4309f5c9bd2c15cdfd39ac173665fad3f2598b54

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

22 Dec 2022 20:15Current

6.7Medium risk

Vulners AI Score6.7

CVSS37.6

EPSS0.00316

SSVC

CWE-384