Lucene search

K
ubuntucveUbuntu.comUB:CVE-2020-26259
HistoryDec 16, 2020 - 12:00 a.m.

CVE-2020-26259

2020-12-1600:00:00
ubuntu.com
ubuntu.com
6

6.8 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

0.576 Medium

EPSS

Percentile

97.6%

XStream is a Java library to serialize objects to XML and back again. In
XStream before version 1.4.15, is vulnerable to an Arbitrary File Deletion
on the local host when unmarshalling. The vulnerability may allow a remote
attacker to delete arbitrary know files on the host as log as the executing
process has sufficient rights only by manipulating the processed input
stream. If you rely on XStream’s default blacklist of the Security
Framework, you will have to use at least version 1.4.15. The reported
vulnerability does not exist running Java 15 or higher. No user is
affected, who followed the recommendation to setup XStream’s Security
Framework with a whitelist! Anyone relying on XStream’s default blacklist
can immediately switch to a whilelist for the allowed types to avoid the
vulnerability. Users of XStream 1.4.14 or below who still want to use
XStream default blacklist can use a workaround described in more detailed
in the referenced advisories.

Bugs

6.8 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

0.576 Medium

EPSS

Percentile

97.6%