ByteOS Network

NVD Vulnerability Details :

CVE-2020-10721

Analyzed

Source-secalert@redhat.com

Published At-22 Oct, 2020 | 20:15

Updated At-27 Oct, 2020 | 19:16

A flaw was found in the fabric8-maven-plugin 4.0.0 and later. When using a wildfly-swarm or thorntail custom configuration, a malicious YAML configuration file on the local machine executing the maven plug-in could allow for deserialization of untrusted data resulting in arbitrary code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	7.8	HIGH	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary	2.0	6.9	MEDIUM	AV:L/AC:M/Au:N/C:C/I:C/A:C

Type: Primary

Version: 3.1

Base score: 7.8

Base severity: HIGH

Vector:

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Type: Primary

Version: 2.0

Base score: 6.9

Base severity: MEDIUM

Vector:

AV:L/AC:M/Au:N/C:C/I:C/A:C

CPE Matches

Red Hat, Inc.

>>fabric8-maven>>Versions from 4.0.0(inclusive) to 4.4.1(inclusive)

cpe:2.3:a:redhat:fabric8-maven:*:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-502	Primary	nvd@nist.gov
CWE-502	Secondary	secalert@redhat.com

CWE ID: CWE-502

Type: Primary

Source: nvd@nist.gov

CWE ID: CWE-502

Type: Secondary

Source: secalert@redhat.com

References

Hyperlink	Source	Resource
https://bugzilla.redhat.com/show_bug.cgi?id=1827201	secalert@redhat.com	Issue Tracking Vendor Advisory

Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=1827201

Source: secalert@redhat.com

Resource:

Issue Tracking

Vendor Advisory

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History