Lucene search

SuseCVELIST:CVE-2020-8031

HistoryFeb 11, 2021 - 3:10 p.m.

CVE-2020-8031 obs: Stored XSS

2021-02-1115:10:15

CWE-79

suse

www.cve.org

cve-2020-8031; stored xss; open build service; remote attackers; markdown; confidentiality; integrity; version 2.10.8

CVSS3

6.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N

AI Score

6.3

Confidence

High

EPSS

0.001

Percentile

31.2%

JSON

A Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Open Build Service allows remote attackers to store JS code in markdown that is not properly escaped, impacting confidentiality and integrity. This issue affects: Open Build Service versions prior to 2.10.8.

CNA Affected

[
  {
    "product": "Open Build Service",
    "vendor": "openSUSE",
    "versions": [
      {
        "lessThan": "2.10.8",
        "status": "affected",
        "version": "Open Build Service",
        "versionType": "custom"
      }
    ]
  }
]

References

bugzilla.suse.com/show_bug.cgi?id=1178880