Lucene search

K
ubuntucveUbuntu.comUB:CVE-2020-8021
HistoryMay 19, 2020 - 12:00 a.m.

CVE-2020-8021

2020-05-1900:00:00
ubuntu.com
ubuntu.com
8
cve-2020-8021
remote attackers
read files
obs package
source access
disabled
open build service
versions prior to 2.10.5
unix

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS

0.002

Percentile

61.3%

a Improper Access Control vulnerability in of Open Build Service allows
remote attackers to read files of an OBS package where the
sourceaccess/access is disabled This issue affects: Open Build Service
versions prior to 2.10.5.

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS

0.002

Percentile

61.3%