Lucene search

MitreCVELIST:CVE-2020-11465

HistoryApr 01, 2020 - 8:51 p.m.

CVE-2020-11465

2020-04-0120:51:46

mitre

www.cve.org

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.8 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

73.7%

JSON

An issue was discovered in Deskpro before 2019.8.0. The /api/apps/* endpoints failed to properly validate a user’s privilege, allowing an attacker to control/install helpdesk applications and leak current applications’ configurations, including applications used as user sources (used for authentication). This enables an attacker to forge valid authentication models that resembles any user on the system.

References

blog.redforce.io/attacking-helpdesks-part-1-rce-chain-on-deskpro/

support.deskpro.com/en/news/posts/deskpro-security-update-2019-09

support.deskpro.com/en/news/posts/deskpro-v2019-8-0-released-security-update

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.8 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

73.7%

JSON

Related for CVELIST:CVE-2020-11465