Lucene search
+L

4 matches found

redhatcve
redhatcve
added 2025/05/22 5:42 p.m.7 views

CVE-2020-5289

In Elide before 4.5.14, it is possible for an adversary to "guess and check" the value of a model field they do not have access to assuming they can read at least one other field in the model. The adversary can construct filter expressions for an inaccessible field to filter a collection. The...

6.8CVSS6.7AI score0.01251EPSS
Exploits0References1
cvelist
cvelist
added 2020/03/30 9:20 p.m.19 views

CVE-2020-5289 Read permissions not enforced for client provided filter expressions in Elide http client

In Elide before 4.5.14, it is possible for an adversary to "guess and check" the value of a model field they do not have access to assuming they can read at least one other field in the model. The adversary can construct filter expressions for an inaccessible field to filter a collection. The...

6.8CVSS6.5AI score0.01251EPSS
Exploits0References3
cve
cve
added 2020/03/30 9:20 p.m.94 views

CVE-2020-5289

In Elide before 4.5.14, an adversary can infer the value of a model field they cannot access by crafting client-side filter expressions to reveal presence/absence of models in a collection, effectively reconstructing the inaccessible field. This arises from read-permission checks not enforcing co...

6.8CVSS6.3AI score0.01251EPSS
Exploits0References3Affected Software1
vulnersosv
vulnersosv
added 2020/03/30 8:9 p.m.7 views

com.spotify:apollo-elide (>=0.0.1 <=0.0.3), com.yahoo.elide:dropwizard-elide (>=2.3.0 <=3.2.2) +17 more potentially affected by CVE-2020-5289 via com.yahoo.elide:elide-core (>=1.0.0.1 <=4.5.13)

com.yahoo.elide:elide-core MAVEN version =1.0.0.1, =0.0.1, =2.3.0, =1.0.0.8, =1.0.0.6, =1.0.0.6, =1.0.0.6, =4.4.0, =1.0.0.6, =3.0.0, =4.5.0, =1.0.0.1, =1.0.0.1, =1.0.0.1, =4.0-beta-1, =4.5.12, =4.5.13 and more Source cves: CVE-2020-5289 Source advisory: OSV:GHSA-2MXR-89GF-RC4V...

6.8CVSS6.6AI score0.01251EPSS
Exploits0
Rows per page
Query Builder