Vulnerability CVE-2020-7650
Published: 2020-05-29   Modified: 2020-05-30

Description:
All versions of snyk-broker after 4.72.0 including and before 4.73.1 are vulnerable to Arbitrary File Read. It allows arbitrary file reads to users with access to Snyk's internal network of any files ending in the following extensions: yaml, yml or json.

Type:

CWE-200

 (Information Exposure)

CVSS2 => (AV:N/AC:L/Au:S/C:P/I:N/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4/10
2.9/10
8/10
Exploit range
Attack complexity
Authentication
Remote
Low
Single time
Confidentiality impact
Integrity impact
Availability impact
Partial
None
None
Affected software
SYNK -> Broker 

 References:
https://snyk.io/vuln/SNYK-JS-SNYKBROKER-570609
https://updates.snyk.io/snyk-broker-security-fixes-152338
Copyright 2024, cxsecurity.com

 

Back to Top