6 matches found
CVE-2020-7650
Snyk-Broker versions 4.72.0+ up to 4.73.0are vulnerable to Arbitrary File Read, exposing files ending in .yaml, .yml, or .json to users with access to Snyk’s internal network. The issue is fixed in 4.73.1 per the connected advisories; upgrade to 4.73.1 or later to mitigate.
CVE-2020-7654
CVE-2020-7654 affects snyk-broker: all versions before 4.73.1 are vulnerable to information exposure because private keys can be logged when the logger is at DEBUG level. The issue is reported consistently across multiple sources (Red Hat, GHSA, NVD, OSV, CNVD, Veracode, etc.). No additional tech...
CVE-2020-7653
All referenced sources describe a vulnerability in snyk-broker: versions before 4.80.0 are susceptible to Arbitrary File Read. The root cause is an information-disclosure flaw where an attacker could read arbitrary files by exploiting symlinks to match whitelisted internal paths, usable by users ...
CVE-2020-7648
The CVE-2020-7648 vulnerability affects the Snyk-broker proxy: all versions prior to 4.72.2 are vulnerable to Arbitrary File Read. An attacker with internal-network access can read files by appending a URL fragment (e.g., #package.json) to a whitelisted path, enabling information disclosure. Affe...
CVE-2020-7651
Mode C: CVE-2020-7651 affects snyk-broker; all versions before 4.79.0 are vulnerable to an Arbitrary File Read. The flaw permits partial reads of internal network data via patch history from the GitHub Commits API. Root cause: insufficient access controls exposing internal resources to users with...
CVE-2020-7652
CVE-2020-7652 affects snyk-broker prior to 4.80.0 and causes Arbitrary File Read via directory traversal for users with access to Snyk’s internal network. A fix is available in version 4.80.0 (and later).