Search
Total
46623 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-25767 | 1 Jetbrains | 1 Youtrack | 2021-02-05 | 5.0 MEDIUM | 5.3 MEDIUM |
| In JetBrains YouTrack before 2020.6.1767, an issue's existence could be disclosed via YouTrack command execution. | |||||
| CVE-2021-25774 | 1 Jetbrains | 1 Teamcity | 2021-02-05 | 4.0 MEDIUM | 4.3 MEDIUM |
| In JetBrains TeamCity before 2020.2.1, a user could get access to the GitHub access token of another user. | |||||
| CVE-2020-8734 | 1 Intel | 2 M10jnp2sb, M10jnp2sb Firmware | 2021-02-05 | 4.6 MEDIUM | 6.7 MEDIUM |
| Improper input validation in the firmware for Intel(R) Server Board M10JNP2SB before version 7.210 may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2019-0035 | 1 Juniper | 1 Junos | 2021-02-05 | 7.2 HIGH | 6.8 MEDIUM |
| When "set system ports console insecure" is enabled, root login is disallowed for Junos OS as expected. However, the root password can be changed using "set system root-authentication plain-text-password" on systems booted from an OAM (Operations, Administration, and Maintenance) volume, leading to a possible administrative bypass with physical access to the console. OAM volumes (e.g. flash drives) are typically instantiated as /dev/gpt/oam, or /oam for short. Password recovery, changing the root password from a console, should not have been allowed from an insecure console. Affected releases are Juniper Networks Junos OS: 15.1 versions prior to 15.1F6-S12, 15.1R7-S3; 15.1X49 versions prior to 15.1X49-D160; 15.1X53 versions prior to 15.1X53-D236, 15.1X53-D496, 15.1X53-D68; 16.1 versions prior to 16.1R3-S10, 16.1R6-S6, 16.1R7-S3; 16.1X65 versions prior to 16.1X65-D49; 16.2 versions prior to 16.2R2-S8; 17.1 versions prior to 17.1R2-S10, 17.1R3; 17.2 versions prior to 17.2R1-S8, 17.2R3-S1; 17.3 versions prior to 17.3R3-S3; 17.4 versions prior to 17.4R1-S6, 17.4R2-S2; 18.1 versions prior to 18.1R2-S4, 18.1R3-S3; 18.2 versions prior to 18.2R2; 18.2X75 versions prior to 18.2X75-D40; 18.3 versions prior to 18.3R1-S2. This issue does not affect Junos OS releases prior to 15.1. | |||||
| CVE-2019-0069 | 1 Juniper | 12 Acx5000, Ex4600, Junos and 9 more | 2021-02-05 | 2.1 LOW | 5.5 MEDIUM |
| On EX4600, QFX5100 Series, NFX Series, QFX10K Series, QFX5110, QFX5200 Series, QFX5110, QFX5200, QFX10K Series, vSRX, SRX1500, SRX4000 Series, vSRX, SRX1500, SRX4000, QFX5110, QFX5200, QFX10K Series, when the user uses console management port to authenticate, the credentials used during device authentication are written to a log file in clear text. This issue does not affect users that are logging-in using telnet, SSH or J-web to the management IP. This issue affects ACX, NFX, SRX, EX and QFX platforms with the Linux Host OS architecture, it does not affect other SRX and EX platforms that do not use the Linux Host OS architecture. This issue affects Juniper Networks Junos OS: 15.1X49 versions prior to 15.1X49-D110 on vSRX, SRX1500, SRX4000 Series; 15.1X53 versions prior to 15.1X53-D234 on QFX5110, QFX5200 Series; 15.1X53 versions prior to 15.1X53-D68 on QFX10K Series; 17.1 versions prior to 17.1R2-S8, 17.1R3, on QFX5110, QFX5200, QFX10K Series; 17.2 versions prior to 17.2R1-S7, 17.2R2-S6, 17.2R3 on QFX5110, QFX5200, QFX10K Series; 17.3 versions prior to 17.3R2 on vSRX, SRX1500, SRX4000, QFX5110, QFX5200, QFX10K Series; 14.1X53 versions prior to 14.1X53-D47 on ACX5000, EX4600, QFX5100 Series; 15.1 versions prior to 15.1R7 on ACX5000, EX4600, QFX5100 Series; 16.1R7 versions prior to 16.1R7 on ACX5000, EX4600, QFX5100 Series; 17.1 versions prior to 17.1R2-S10, 17.1R3 on ACX5000, EX4600, QFX5100 Series; 17.2 versions prior to 17.2R3 on ACX5000, EX4600, QFX5100 Series; 17.3 versions prior to 17.3R3 on ACX5000, EX4600, QFX5100 Series; 17.4 versions prior to 17.4R2 on ACX5000, EX4600, QFX5100 Series; 18.1 versions prior to 18.1R2 on ACX5000, EX4600, QFX5100 Series; 15.1X53 versions prior to 15.1X53-D496 on NFX Series, 17.2 versions prior to 17.2R3-S1 on NFX Series; 17.3 versions prior to 17.3R3-S4 on NFX Series; 17.4 versions prior to 17.4R2-S4, 17.4R3 on NFX Series, 18.1 versions prior to 18.1R3-S4 on NFX Series; 18.2 versions prior to 18.2R2-S3, 18.2R3 on NFX Series; 18.3 versions prior to 18.3R1-S3, 18.3R2 on NFX Series; 18.4 versions prior to 18.4R1-S1, 18.4R2 on NFX Series. | |||||
| CVE-2019-0074 | 1 Juniper | 6 Ex9200, Junos, Nfx150 and 3 more | 2021-02-05 | 2.1 LOW | 5.5 MEDIUM |
| A path traversal vulnerability in NFX150 Series and QFX10K Series, EX9200 Series, MX Series and PTX Series devices with Next-Generation Routing Engine (NG-RE) allows a local authenticated user to read sensitive system files. This issue only affects NFX150 Series and QFX10K Series, EX9200 Series, MX Series and PTX Series with Next-Generation Routing Engine (NG-RE) which uses vmhost. This issue affects Juniper Networks Junos OS on NFX150 Series and QFX10K, EX9200 Series, MX Series and PTX Series with NG-RE and vmhost: 15.1F versions prior to 15.1F6-S12 16.1 versions starting from 16.1R6 and later releases, including the Service Releases, prior to 16.1R6-S6, 16.1R7-S3; 17.1 versions prior to 17.1R3; 17.2 versions starting from 17.2R1-S3, 17.2R3 and later releases, including the Service Releases, prior to 17.2R3-S1; 17.3 versions starting from 17.3R1-S1, 17.3R2 and later releases, including the Service Releases, prior to 17.3R3-S3; 17.4 versions starting from 17.4R1 and later releases, including the Service Releases, prior to 17.4R1-S6, 17.4R2-S2, 17.4R3; 18.1 versions prior to 18.1R2-S4, 18.1R3-S3; 18.2 versions prior to 18.2R2; 18.2X75 versions prior to 18.2X75-D40; 18.3 versions prior to 18.3R1-S2, 18.3R2; 18.4 versions prior to 18.4R1-S1, 18.4R2. This issue does not affect: Juniper Networks Junos OS 15.1 and 16.2. | |||||
| CVE-2021-25236 | 2 Microsoft, Trendmicro | 3 Windows, Officescan, Worry-free Business Security | 2021-02-05 | 5.0 MEDIUM | 5.3 MEDIUM |
| A server-side request forgery (SSRF) information disclosure vulnerability in Trend Micro OfficeScan XG SP1 and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to locate online agents via a specific sweep. | |||||
| CVE-2021-25237 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2021-02-05 | 5.0 MEDIUM | 5.3 MEDIUM |
| An improper access control vulnerability in Trend Micro Apex One (on-prem) could allow an unauthenticated user to obtain information about the managing port used by agents. | |||||
| CVE-2021-25238 | 2 Microsoft, Trendmicro | 3 Windows, Officescan, Worry-free Business Security | 2021-02-05 | 5.0 MEDIUM | 5.3 MEDIUM |
| An improper access control information disclosure vulnerability in Trend Micro OfficeScan XG SP1 and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about an agent's managing port. | |||||
| CVE-2021-25239 | 2 Microsoft, Trendmicro | 4 Windows, Apex One, Officescan and 1 more | 2021-02-05 | 5.0 MEDIUM | 5.3 MEDIUM |
| An improper access control vulnerability in Trend Micro Apex One (on-prem), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about x86 agent hotfixes. | |||||
| CVE-2021-25240 | 2 Microsoft, Trendmicro | 4 Windows, Apex One, Officescan and 1 more | 2021-02-05 | 5.0 MEDIUM | 5.3 MEDIUM |
| An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain x64 agent hofitx information. | |||||
| CVE-2021-25241 | 2 Microsoft, Trendmicro | 3 Windows, Apex One, Worry-free Business Security | 2021-02-05 | 5.0 MEDIUM | 5.3 MEDIUM |
| A server-side request forgery (SSRF) information disclosure vulnerability in Trend Micro Apex One and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to locate online agents via a sweep. | |||||
| CVE-2021-25242 | 2 Microsoft, Trendmicro | 4 Windows, Apex One, Officescan and 1 more | 2021-02-05 | 5.0 MEDIUM | 5.3 MEDIUM |
| An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain version and build information. | |||||
| CVE-2021-25243 | 2 Microsoft, Trendmicro | 4 Windows, Apex One, Officescan and 1 more | 2021-02-05 | 5.0 MEDIUM | 5.3 MEDIUM |
| An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain patch level information. | |||||
| CVE-2017-12239 | 1 Cisco | 1 Ios Xe | 2021-02-05 | 7.2 HIGH | 6.8 MEDIUM |
| A vulnerability in motherboard console ports of line cards for Cisco ASR 1000 Series Aggregation Services Routers and Cisco cBR-8 Converged Broadband Routers could allow an unauthenticated, physical attacker to access an affected device's operating system. The vulnerability exists because an engineering console port is available on the motherboard of the affected line cards. An attacker could exploit this vulnerability by physically connecting to the console port on the line card. A successful exploit could allow the attacker to gain full access to the affected device's operating system. This vulnerability affects only Cisco ASR 1000 Series Routers that have removable line cards and Cisco cBR-8 Converged Broadband Routers, if they are running certain Cisco IOS XE 3.16 through 16.5 releases. Cisco Bug IDs: CSCvc65866, CSCve77132. | |||||
| CVE-2021-25910 | 1 Zivautomation | 2 4cct-ea6-334126bf, 4cct-ea6-334126bf Firmware | 2021-02-05 | 3.3 LOW | 6.5 MEDIUM |
| Improper Authentication vulnerability in the cookie parameter of ZIV AUTOMATION 4CCT-EA6-334126BF allows a local attacker to perform modifications in several parameters of the affected device as an authenticated user. | |||||
| CVE-2021-25756 | 1 Jetbrains | 1 Intellij Idea | 2021-02-05 | 5.0 MEDIUM | 5.3 MEDIUM |
| In JetBrains IntelliJ IDEA before 2020.2, HTTP links were used for several remote repositories instead of HTTPS. | |||||
| CVE-2021-0343 | 1 Google | 1 Android | 2021-02-05 | 7.2 HIGH | 6.7 MEDIUM |
| In kisd, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Patch ID: ALPS05449962. | |||||
| CVE-2021-25757 | 1 Jetbrains | 1 Hub | 2021-02-04 | 5.8 MEDIUM | 6.1 MEDIUM |
| In JetBrains Hub before 2020.1.12629, an open redirect was possible. | |||||
| CVE-2021-25760 | 1 Jetbrains | 1 Hub | 2021-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| In JetBrains Hub before 2020.1.12669, information disclosure via the public API was possible. | |||||
| CVE-2020-4640 | 1 Ibm | 1 Api Connect | 2021-02-04 | 3.8 LOW | 4.1 MEDIUM |
| Certain IBM API Connect 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.13 configurations can result in sensitive information in the URL fragment identifiers. This information can be cached in the intermediate nodes like proxy servers, cdn, logging platforms, etc. An attacker can make use of this information to perform attacks by impersonating a user. IBM X-Force ID: 185510. | |||||
| CVE-2020-4828 | 1 Ibm | 1 Api Connect | 2021-02-04 | 6.4 MEDIUM | 6.5 MEDIUM |
| IBM API Connect 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.13 is vulnerable to web cache poisoning, caused by improper input validation by modifying HTTP request headers. IBM X-Force ID: 189842. | |||||
| CVE-2020-4827 | 1 Ibm | 1 Api Connect | 2021-02-04 | 4.3 MEDIUM | 4.3 MEDIUM |
| IBM API Connect 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.13 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 189841. | |||||
| CVE-2020-4826 | 1 Ibm | 1 Api Connect | 2021-02-04 | 4.3 MEDIUM | 4.3 MEDIUM |
| IBM API Connect 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.13 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 189840. | |||||
| CVE-2020-4825 | 1 Ibm | 1 Api Connect | 2021-02-04 | 3.5 LOW | 5.4 MEDIUM |
| IBM API Connect 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.13 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 189839. | |||||
| CVE-2020-5032 | 2 Ibm, Linux | 2 Qradar Security Information And Event Manager, Linux Kernel | 2021-02-04 | 3.3 LOW | 4.3 MEDIUM |
| IBM QRadar SIEM 7.3 and 7.4 in some configurations may be vulnerable to a temporary denial of service attack when sent particular payloads. IBM X-Force ID: 194178. | |||||
| CVE-2021-25772 | 1 Jetbrains | 1 Teamcity | 2021-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| In JetBrains TeamCity before 2020.2.2, TeamCity server DoS was possible via server integration. | |||||
| CVE-2021-25777 | 1 Jetbrains | 1 Teamcity | 2021-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| In JetBrains TeamCity before 2020.2.1, permissions during token removal were checked improperly. | |||||
| CVE-2020-4934 | 3 Ibm, Linux, Microsoft | 4 Aix, Content Navigator, Linux Kernel and 1 more | 2021-02-04 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Content Navigator 3.0.CD could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 191752. | |||||
| CVE-2021-25771 | 1 Jetbrains | 1 Youtrack | 2021-02-04 | 5.0 MEDIUM | 4.3 MEDIUM |
| In JetBrains YouTrack before 2020.6.1099, project information could be potentially disclosed. | |||||
| CVE-2020-25035 | 1 Ucopia | 1 Express Wireless Appliance | 2021-02-04 | 7.2 HIGH | 6.7 MEDIUM |
| UCOPIA Wi-Fi appliances 6.0.5 allow arbitrary code execution with root privileges using chroothole_client's PHP call, a related issue to CVE-2017-11322. | |||||
| CVE-2021-25773 | 1 Jetbrains | 1 Teamcity | 2021-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| JetBrains TeamCity before 2020.2 was vulnerable to reflected XSS on several pages. | |||||
| CVE-2020-14192 | 1 Atlassian | 2 Crucible, Fisheye | 2021-02-04 | 4.0 MEDIUM | 4.3 MEDIUM |
| Affected versions of Atlassian Fisheye and Crucible allow remote attackers to view a product's SEN via an Information Disclosure vulnerability in the x-asen response header from Atlassian Analytics. The affected versions are before version 4.8.4. | |||||
| CVE-2020-35652 | 1 Digium | 1 Asterisk | 2021-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in res_pjsip_diversion.c in Sangoma Asterisk before 13.38.0, 14.x through 16.x before 16.15.0, 17.x before 17.9.0, and 18.x before 18.1.0. A crash can occur when a SIP message is received with a History-Info header that contains a tel-uri, or when a SIP 181 response is received that contains a tel-uri in the Diversion header. | |||||
| CVE-2020-35482 | 1 Solarwinds | 1 Serv-u | 2021-02-04 | 3.5 LOW | 5.4 MEDIUM |
| SolarWinds Serv-U before 15.2.2 allows authenticated reflected XSS. | |||||
| CVE-2021-3395 | 1 Pryaniki | 1 Pryaniki | 2021-02-04 | 3.5 LOW | 5.4 MEDIUM |
| A cross-site scripting (XSS) vulnerability in Pryaniki 6.44.3 allows remote authenticated users to upload an arbitrary file. The JavaScript code will execute when someone visits the attachment. | |||||
| CVE-2020-26272 | 1 Electronjs | 1 Electron | 2021-02-04 | 6.4 MEDIUM | 6.5 MEDIUM |
| The Electron framework lets you write cross-platform desktop applications using JavaScript, HTML and CSS. In affected versions of Electron IPC messages sent from the main process to a subframe in the renderer process, through webContents.sendToFrame, event.reply or when using the remote module, can in some cases be delivered to the wrong frame. If your app uses remote, calls webContents.sendToFrame, or calls event.reply in an IPC message handler then it is impacted by this issue. This has been fixed in versions 9.4.0, 10.2.0, 11.1.0, and 12.0.0-beta.9. There are no workarounds for this issue. | |||||
| CVE-2020-1723 | 1 Redhat | 1 Mobile Application Platform | 2021-02-04 | 4.3 MEDIUM | 4.3 MEDIUM |
| The logout endpoint /oauth/logout?redirect=url can be abused to redirect logged in users to arbitrary web pages. This vulnerability could be used in phishing attacks. Versions shipped with Red Hat Mobile Aplication Platform 4 are believed to be vulnerable. | |||||
| CVE-2021-20185 | 1 Moodle | 1 Moodle | 2021-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| It was found in Moodle before version 3.10.1, 3.9.4, 3.8.7 and 3.5.16 that messaging did not impose a character limit when sending messages, which could result in client-side (browser) denial of service for users receiving very large messages. | |||||
| CVE-2021-23328 | 1 Iniparserjs Project | 1 Iniparserjs | 2021-02-04 | 6.8 MEDIUM | 5.6 MEDIUM |
| This affects all versions of package iniparserjs. This vulnerability relates when ini_parser.js is concentrating arrays. Depending on if user input is provided, an attacker can overwrite and pollute the object prototype of a program. | |||||
| CVE-2020-29164 | 1 Rainbowfishsoftware | 1 Pacsone Server | 2021-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| PacsOne Server (PACS Server In One Box) below 7.1.1 is affected by cross-site scripting (XSS). | |||||
| CVE-2020-24666 | 1 Hitachi | 1 Vantara Pentaho | 2021-02-04 | 3.5 LOW | 5.4 MEDIUM |
| The Analysis Report in Hitachi Vantara Pentaho through 7.x - 8.x contains a stored Cross-site scripting vulnerability, which allows an authenticated remote users to execute arbitrary JavaScript code. Specifically, the vulnerability lies in the 'Display Name' parameter. Remediated in >= 9.1.0.1 | |||||
| CVE-2020-24664 | 1 Hitachi | 1 Vantara Pentaho | 2021-02-04 | 3.5 LOW | 5.4 MEDIUM |
| The dashboard Editor in Hitachi Vantara Pentaho through 7.x - 8.x contains a reflected Cross-site scripting vulnerability, which allows an authenticated remote users to execute arbitrary JavaScript code. Specifically, the vulnerability lies in the 'pho:title' attribute of 'dashboardXml' parameter. Remediated in >= 7.1.0.25, >= 8.2.0.6, and >= 8.3.0.0 GA. | |||||
| CVE-2021-3340 | 1 Wikindx Project | 1 Wikindx | 2021-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in many forms of Wikindx before 5.7.0 and 6.x through 6.4.0 allows remote attackers to inject arbitrary web script or HTML via the message parameter to index.php?action=initLogon or modules/admin/DELETEIMAGES.php. | |||||
| CVE-2020-24665 | 1 Hitachi | 1 Vantara Pentaho | 2021-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
| The Dashboard Editor in Hitachi Vantara Pentaho through 7.x - 8.x contains an XML Entity Expansion injection vulnerability, which allows an authenticated remote users to trigger a denial of service (DoS) condition. Specifically, the vulnerability lies in the 'dashboardXml' parameter. Remediated in >= 7.1.0.25, >= 8.2.0.6, >= 8.3.0.0 GA | |||||
| CVE-2020-24669 | 1 Hitachi | 1 Vantara Pentaho | 2021-02-04 | 3.5 LOW | 5.4 MEDIUM |
| The New Analysis Report in Hitachi Vantara Pentaho through 7.x - 8.x contains a DOM-based Cross-site scripting vulnerability, which allows an authenticated remote users to execute arbitrary JavaScript code. Specifically, the vulnerability lies in the 'Analysis Report Description' field in 'About this Report' section. Remediated in >= 8.3.0.9, >= 9.0.0.1, and >= 9.1.0.0 GA. | |||||
| CVE-2020-24670 | 1 Hitachi | 1 Vantara Pentaho | 2021-02-04 | 3.5 LOW | 5.4 MEDIUM |
| The Dashboard Editor in Hitachi Vantara Pentaho through 7.x - 8.x contains a reflected Cross-site scripting vulnerability, which allows an authenticated remote users to execute arbitrary JavaScript code. Specifically, the vulnerability lies in the 'type' attribute of 'dashboardXml' parameter. Remediated in >= 7.1.0.25, >= 8.2.0.6, and >= 8.3.0.0 GA. | |||||
| CVE-2021-1071 | 1 Nvidia | 7 Jetson Agx Xavier, Jetson Nano, Jetson Nano 2gb and 4 more | 2021-02-04 | 2.1 LOW | 5.5 MEDIUM |
| NVIDIA Tegra kernel in Jetson AGX Xavier Series, Jetson Xavier NX, TX1, TX2, Nano and Nano 2GB, all L4T versions prior to r32.5, contains a vulnerability in the INA3221 driver in which improper access control may lead to unauthorized users gaining access to system power usage data, which may lead to information disclosure. | |||||
| CVE-2021-26067 | 1 Atlassian | 1 Bamboo | 2021-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| Affected versions of Atlassian Bamboo allow an unauthenticated remote attacker to view a stack trace that may reveal the path for the home directory in disk and if certain files exists on the tmp directory, via a Sensitive Data Exposure vulnerability in the /chart endpoint. The affected versions are before version 7.2.2. | |||||
| CVE-2020-26230 | 1 Radarcovid | 2 Radar-covid-backend-dp3t-server, Radarcovid | 2021-02-04 | 2.6 LOW | 5.3 MEDIUM |
| Radar COVID is the official COVID-19 exposure notification app for Spain. In affected versions of Radar COVID, identification and de-anonymization of COVID-19 positive users that upload Radar COVID TEKs to the Radar COVID server is possible. This vulnerability enables the identification and de-anonymization of COVID-19 positive users when using Radar COVID. The vulnerability is caused by the fact that Radar COVID connections to the server (uploading of TEKs to the backend) are only made by COVID-19 positives. Therefore, any on-path observer with the ability to monitor traffic between the app and the server can identify which users had a positive test. Such an adversary can be the mobile network operator (MNO) if the connection is done through a mobile network, the Internet Service Provider (ISP) if the connection is done through the Internet (e.g., a home network), a VPN provider used by the user, the local network operator in the case of enterprise networks, or any eavesdropper with access to the same network (WiFi or Ethernet) as the user as could be the case of public WiFi hotspots deployed at shopping centers, airports, hotels, and coffee shops. The attacker may also de-anonymize the user. For this additional stage to succeed, the adversary needs to correlate Radar COVID traffic to other identifiable information from the victim. This could be achieved by associating the connection to a contract with the name of the victim or by associating Radar COVID traffic to other user-generated flows containing identifiers in the clear (e.g., HTTP cookies or other mobile flows sending unique identifiers like the IMEI or the AAID without encryption). The former can be executed, for instance, by the Internet Service Provider or the MNO. The latter can be executed by any on-path adversary, such as the network provider or even the cloud provider that hosts more than one service accessed by the victim. The farther the adversary is either from the victim (the client) or the end-point (the server), the less likely it may be that the adversary has access to re-identification information. The vulnerability has been mitigated with the injection of dummy traffic from the application to the backend. Dummy traffic is generated by all users independently of whether they are COVID-19 positive or not. The issue was fixed in iOS in version 1.0.8 (uniform distribution), 1.1.0 (exponential distribution), Android in version 1.0.7 (uniform distribution), 1.1.0 (exponential distribution), Backend in version 1.1.2-RELEASE. For more information see the referenced GitHub Security Advisory. | |||||