ByteOS Network

NVD Vulnerability Details :

CVE-2020-9300

Analyzed

Source-security-report@netflix.com

Published At-09 Nov, 2020 | 15:15

Updated At-18 Nov, 2020 | 14:49

The Access Control issues include allowing a regular user to view a restricted incident, user role escalation to admin, users adding themselves as a participant in a restricted incident, and users able to view restricted incidents via the search feature. If your install has followed the secure deployment guidelines the risk of this is lowered, as this may only be exploited by an authenticated user.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	6.5	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Primary	2.0	4.0	MEDIUM	AV:N/AC:L/Au:S/C:P/I:N/A:N

Type: Primary

Version: 3.1

Base score: 6.5

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Type: Primary

Version: 2.0

Base score: 4.0

Base severity: MEDIUM

Vector:

AV:N/AC:L/Au:S/C:P/I:N/A:N

CPE Matches

netflix>>dispatch>>Versions before 20201106(exclusive)

cpe:2.3:a:netflix:dispatch:*:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
NVD-CWE-Other	Primary	nvd@nist.gov

CWE ID: NVD-CWE-Other

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
https://github.com/Netflix/dispatch/releases/tag/v20201106	security-report@netflix.com	Third Party Advisory
https://github.com/Netflix/security-bulletins/blob/master/advisories/nflx-2020-005.md	security-report@netflix.com	Third Party Advisory

Hyperlink: https://github.com/Netflix/dispatch/releases/tag/v20201106

Source: security-report@netflix.com

Resource:

Third Party Advisory

Hyperlink: https://github.com/Netflix/security-bulletins/blob/master/advisories/nflx-2020-005.md

Source: security-report@netflix.com

Resource:

Third Party Advisory

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History