Lucene search

[email protected]NVD:CVE-2020-15102

HistoryJul 21, 2020 - 6:15 p.m.

CVE-2020-15102

2020-07-2118:15:19

CWE-862

CWE-284

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

EPSS

0.001

Percentile

19.4%

JSON

In PrestaShop Dashboard Productions before version 2.1.0, there is improper authorization which enables an attacker to change the configuration. The problem is fixed in 2.1.0.

Affected configurations

Nvd

Node

prestashopdashboard_productsRange<2.1.0

VendorProductVersionCPE
prestashopdashboard_products*cpe:2.3:a:prestashop:dashboard_products:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
prestashop	dashboard_products	*	cpe:2.3:a:prestashop:dashboard_products::::::::

References

github.com/PrestaShop/dashproducts/commit/f0799c13628a9b9ca6ca75c085b083d924a8ea7e

github.com/PrestaShop/dashproducts/security/advisories/GHSA-6292-4qpg-hvfg

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

EPSS

0.001

Percentile

19.4%

JSON

Related for NVD:CVE-2020-15102

osv1 cvelist1 cve1 prion1