Lucene search

[email protected]NVD:CVE-2020-20472

HistoryJun 21, 2021 - 5:15 a.m.

CVE-2020-20472

2021-06-2105:15:06

CWE-306

[email protected]

web.nvd.nist.gov

white shark system

sensitive information disclosure

authentication operation

remote attackers

username information

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS

0.002

Percentile

65.1%

JSON

White Shark System (WSS) 1.3.2 has a sensitive information disclosure vulnerability. The if_get_addbook.php file does not have an authentication operation. Remote attackers can obtain username information for all users of the current site.

Affected configurations

Nvd

Node

white_shark_systems_projectwhite_shark_systemsMatch1.3.2

VendorProductVersionCPE
white_shark_systems_projectwhite_shark_systems1.3.2cpe:2.3:a:white_shark_systems_project:white_shark_systems:1.3.2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
white_shark_systems_project	white_shark_systems	1.3.2	cpe:2.3:a:white_shark_systems_project:white_shark_systems:1.3.2:::::::*

References

github.com/itodaro/WhiteSharkSystem_cve

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS

0.002

Percentile

65.1%

JSON

Related for NVD:CVE-2020-20472

prion1 cvelist1 cve1