Lucene search

[email protected]CVE-2020-24982

HistoryMar 15, 2021 - 6:15 p.m.

CVE-2020-24982

2021-03-1518:15:16

CWE-352

[email protected]

web.nvd.nist.gov

quadbase

expressdashboard

edab

cve-2020-24982

csrf

security vulnerability

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

4.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

36.8%

JSON

An issue was discovered in Quadbase ExpressDashboard (EDAB) 7 Update 9. It allows CSRF. An attacker may be able to trick an authenticated user into changing the email address associated with their account.

Affected configurations

NVD

Node

quadbaseespressdashboardMatch7.0update9

CPENameOperatorVersion
quadbase:espressdashboardquadbase espressdashboardeq7.0

CPE	Name	Operator	Version
quadbase:espressdashboard	quadbase espressdashboard	eq	7.0

References

c41nc.co.uk/cve-2020-24982/

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

4.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

36.8%

JSON

Related for CVE-2020-24982

nvd1 cvelist1 prion1