Lucene search

[email protected]NVD:CVE-2020-13922

HistoryJan 11, 2021 - 10:15 a.m.

CVE-2020-13922

2021-01-1110:15:13

CWE-264

CWE-276

[email protected]

web.nvd.nist.gov

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

6.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

38.2%

JSON

Versions of Apache DolphinScheduler prior to 1.3.2 allowed an ordinary user under any tenant to override another users password through the API interface.

Affected configurations

NVD

Node

apachedolphinschedulerMatch1.2.0

apachedolphinschedulerMatch1.2.1

apachedolphinschedulerMatch1.3.1

References

www.mail-archive.com/announce%40apache.org/msg06076.html

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

6.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

38.2%

JSON

Related for NVD:CVE-2020-13922

prion1 osv3 github1 cvelist1 cve1 veracode1