CVE-2020-10871

Published: Mar 23, 2020Modified: Nov 21, 2024

5.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

In OpenWrt LuCI git-20.x, remote unauthenticated attackers can retrieve the list of installed packages and services. NOTE: the vendor disputes the significance of this report because, for instances reachable by an unauthenticated actor, the same information is available in other (more complex) ways, and there is no plan to restrict the information further

Affected (2)

Products: Openwrt: Luci

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Openwrt Luci	Version git-20.049.11521-bebfe20
Openwrt Luci	Version git-20.078.22902-0ed0d42

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (6)

https://github.com/openwrt/luci/issues/3563#issuecomment-578522860

Source: cve@mitre.org

PatchThird Party Advisory

https://github.com/openwrt/luci/issues/3653#issue-567892007

Source: cve@mitre.org

ExploitThird Party Advisory

https://github.com/openwrt/luci/issues/3766

Source: cve@mitre.org

ExploitThird Party Advisory

https://github.com/openwrt/luci/issues/3563#issuecomment-578522860

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://github.com/openwrt/luci/issues/3653#issue-567892007

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://github.com/openwrt/luci/issues/3766

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.