Lucene search

[email protected]NVD:CVE-2020-15230

HistoryOct 02, 2020 - 7:15 p.m.

CVE-2020-15230

2020-10-0219:15:12

CWE-22

[email protected]

web.nvd.nist.gov

vapor

web framework

swift

attack

filemiddleware

filesystem paths

arbitrary access

cve-2020-15230

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

44.4%

JSON

Vapor is a web framework for Swift. In Vapor before version 4.29.4, Attackers can access data at arbitrary filesystem paths on the same host as an application. Only applications using FileMiddleware are affected. This is fixed in version 4.29.4.

Affected configurations

Nvd

Node

vapor_projectvaporRange<4.29.4swift

VendorProductVersionCPE
vapor_projectvapor*cpe:2.3:a:vapor_project:vapor:*:*:*:*:*:swift:*:*

Vendor	Product	Version	CPE
vapor_project	vapor	*	cpe:2.3:a:vapor_project:vapor::::::swift::*

References

github.com/vapor/vapor/commit/cf1651f7ff76515593f4d8ca6e6e15d2247fe255

github.com/vapor/vapor/pull/2500

github.com/vapor/vapor/security/advisories/GHSA-vcvg-xgr8-p5gq

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

44.4%

JSON

Related for NVD:CVE-2020-15230

osv2 github1 cvelist1 prion1 gitlab1 cve1