Lucene search
+L
SynkBroker

6 matches found

CVE
CVE
added 2020/05/29 9:11 p.m.99 views

CVE-2020-7650

Snyk-Broker versions 4.72.0+ up to 4.73.0are vulnerable to Arbitrary File Read, exposing files ending in .yaml, .yml, or .json to users with access to Snyk’s internal network. The issue is fixed in 4.73.1 per the connected advisories; upgrade to 4.73.1 or later to mitigate.

6.5CVSS6.5AI score0.0113EPSS
CVE
CVE
added 2020/05/29 9:9 p.m.95 views

CVE-2020-7654

CVE-2020-7654 affects snyk-broker: all versions before 4.73.1 are vulnerable to information exposure because private keys can be logged when the logger is at DEBUG level. The issue is reported consistently across multiple sources (Red Hat, GHSA, NVD, OSV, CNVD, Veracode, etc.). No additional tech...

7.5CVSS7.4AI score0.01122EPSS
CVE
CVE
added 2020/05/29 8:40 p.m.94 views

CVE-2020-7653

All referenced sources describe a vulnerability in snyk-broker: versions before 4.80.0 are susceptible to Arbitrary File Read. The root cause is an information-disclosure flaw where an attacker could read arbitrary files by exploiting symlinks to match whitelisted internal paths, usable by users ...

6.5CVSS6.5AI score0.0113EPSS
CVE
CVE
added 2020/05/29 9:6 p.m.91 views

CVE-2020-7648

The CVE-2020-7648 vulnerability affects the Snyk-broker proxy: all versions prior to 4.72.2 are vulnerable to Arbitrary File Read. An attacker with internal-network access can read files by appending a URL fragment (e.g., #package.json) to a whitelisted path, enabling information disclosure. Affe...

6.5CVSS6.5AI score0.0113EPSS
CVE
CVE
added 2020/05/29 8:53 p.m.89 views

CVE-2020-7651

Mode C: CVE-2020-7651 affects snyk-broker; all versions before 4.79.0 are vulnerable to an Arbitrary File Read. The flaw permits partial reads of internal network data via patch history from the GitHub Commits API. Root cause: insufficient access controls exposing internal resources to users with...

4.3CVSS4.4AI score0.01115EPSS
CVE
CVE
added 2020/05/29 8:46 p.m.88 views

CVE-2020-7652

CVE-2020-7652 affects snyk-broker prior to 4.80.0 and causes Arbitrary File Read via directory traversal for users with access to Snyk’s internal network. A fix is available in version 4.80.0 (and later).

6.5CVSS6.5AI score0.01685EPSS