Lucene search

[email protected]NVD:CVE-2020-4048

HistoryJun 12, 2020 - 4:15 p.m.

CVE-2020-4048

2020-06-1216:15:10

CWE-601

[email protected]

web.nvd.nist.gov

4.9 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:P/A:N

5.7 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N

0.001 Low

EPSS

Percentile

41.0%

JSON

In affected versions of WordPress, due to an issue in wp_validate_redirect() and URL sanitization, an arbitrary external link can be crafted leading to unintended/open redirect when clicked. This has been patched in version 5.4.2, along with all the previously affected versions via a minor release (5.3.4, 5.2.7, 5.1.6, 5.0.10, 4.9.15, 4.8.14, 4.7.18, 4.6.19, 4.5.22, 4.4.23, 4.3.24, 4.2.28, 4.1.31, 4.0.31, 3.9.32, 3.8.34, 3.7.34).

Affected configurations

NVD

Node

wordpresswordpressRange3.7–3.7.34

wordpresswordpressRange3.8–3.8.34

wordpresswordpressRange3.9–3.9.32

wordpresswordpressRange4.0–4.0.31

wordpresswordpressRange4.1–4.1.31

wordpresswordpressRange4.2–4.2.28

wordpresswordpressRange4.3–4.3.24

wordpresswordpressRange4.4–4.4.23

wordpresswordpressRange4.5–4.5.22

wordpresswordpressRange4.6–4.6.19

wordpresswordpressRange4.7–4.7.18

wordpresswordpressRange4.8–4.8.14

wordpresswordpressRange4.9–4.9.15

wordpresswordpressRange5.0–5.0.10

wordpresswordpressRange5.1–5.1.6

wordpresswordpressRange5.2–5.2.7

wordpresswordpressRange5.3.0–5.3.4

wordpresswordpressRange5.4–5.4.2

Node

fedoraprojectfedoraMatch32

fedoraprojectfedoraMatch33

Node

debiandebian_linuxMatch8.0

debiandebian_linuxMatch9.0

debiandebian_linuxMatch10.0

References

github.com/WordPress/wordpress-develop/commit/6ef777e9a022bee2a80fa671118e7e2657e52693

github.com/WordPress/wordpress-develop/security/advisories/GHSA-q6pw-gvf4-5fj5

lists.debian.org/debian-lts-announce/2020/07/msg00000.html

lists.debian.org/debian-lts-announce/2020/09/msg00011.html

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/773N2ZV7QEMBGKH6FBKI6Q5S3YJMW357/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ODNHXVJS25YVWYQHOCICXTLIN5UYJFDN/

wordpress.org/news/2020/06/wordpress-5-4-2-security-and-maintenance-release/

www.debian.org/security/2020/dsa-4709

4.9 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:P/A:N

5.7 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N

0.001 Low

EPSS

Percentile

41.0%

JSON

Related for NVD:CVE-2020-4048

osv6 ubuntucve1 wpvulndb1 prion1 cvelist1 debiancve1 veracode1 cve1 nessus6 debian4 openvas7 fedora2