Lucene search

K
cve[email protected]CVE-2020-21485
HistoryJun 20, 2023 - 3:15 p.m.

CVE-2020-21485

2023-06-2015:15:11
CWE-79
web.nvd.nist.gov
16
cve-2020-21485
cross site scripting
alluxio v.1.8.1
remote code execution
security vulnerability
nvd

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

31.0%

Cross Site Scripting vulnerability in Alluxio v.1.8.1 allows a remote attacker to executea arbitrary code via the path parameter in the browse board component.

Affected configurations

NVD
Node
alluxioalluxioMatch1.8.1
CPENameOperatorVersion
alluxio:alluxioalluxioeq1.8.1

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

31.0%

Related for CVE-2020-21485