Lucene search

[email protected]CVE-2020-8031

HistoryFeb 11, 2021 - 3:15 p.m.

CVE-2020-8031

2021-02-1115:15:00

CWE-79

[email protected]

web.nvd.nist.gov

cve-2020-8031

open build service

xss

input neutralization

confidentiality

integrity

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

5.5 Medium

AI Score

Confidence

High

3.5 Low

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

30.2%

JSON

A Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Open Build Service allows remote attackers to store JS code in markdown that is not properly escaped, impacting confidentiality and integrity. This issue affects: Open Build Service versions prior to 2.10.8.

CPENameOperatorVersion
opensuse:open_build_serviceopensuse open build servicelt2.10.8

CPE	Name	Operator	Version
opensuse:open_build_service	opensuse open build service	lt	2.10.8

References

bugzilla.suse.com/show_bug.cgi?id=1178880

Social References

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

5.5 Medium

AI Score

Confidence

High

3.5 Low

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

30.2%

JSON

Related for CVE-2020-8031

ubuntucve1 prion1 debiancve1