Vulnerability CVE-2020-7651


Published: 2020-05-29

Description:
All versions of snyk-broker before 4.79.0 are vulnerable to Arbitrary File Read. It allows partial file reads for users who have access to Snyk's internal network via patch history from GitHub Commits API.

Type:

CWE-200

(Information Exposure)

CVSS2 => (AV:N/AC:L/Au:S/C:P/I:N/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4/10
2.9/10
8/10
Exploit range
Attack complexity
Authentication
Remote
Low
Single time
Confidentiality impact
Integrity impact
Availability impact
Partial
None
None
Affected software
SYNK -> Broker 

 References:
https://snyk.io/vuln/SNYK-JS-SNYKBROKER-570610
https://updates.snyk.io/snyk-broker-security-fixes-152338

Copyright 2024, cxsecurity.com

 

Back to Top