CVE-2020-19005

zrlog v2.1.0 has a vulnerability with the permission check. If admin account is logged in, other unauthorized users can download the database backup file directly.

CVSS v3 5.7 MEDIUM
CVSS v2.0 3.5 LOW

5.7^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.1 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

3.5^/10

CVSS v2.0 : LOW

Vector : AV:N/AC:M/Au:S/C:P/I:N/A:N

Exploitability : 6.8 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://github.com/94fzb/zrlog/commit/b2b4415e2e59b6f18b0a62b633e71c96d63c43ba	Patch Third Party Advisory
https://github.com/94fzb/zrlog/issues/48	Issue Tracking Third Party Advisory
https://github.com/94fzb/zrlog/commit/b2b4415e2e59b6f18b0a62b633e71c96d63c43ba	Patch Third Party Advisory
https://github.com/94fzb/zrlog/issues/48	Issue Tracking Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:zrlog:zrlog:2.1.0:*:*:*:*:*:*:*

History

No history.

Information

Published : 2020-08-25 22:15

Updated : 2024-11-21 05:08

NVD link : CVE-2020-19005

Mitre link : CVE-2020-19005

CVE.ORG link : CVE-2020-19005

JSON object : View

Products Affected

zrlog

zrlog

CWE

CWE-863

Incorrect Authorization

{"id": "CVE-2020-19005", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.7, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.1}]}, "published": "2020-08-25T22:15:11.537", "references": [{"url": "https://github.com/94fzb/zrlog/commit/b2b4415e2e59b6f18b0a62b633e71c96d63c43ba", "tags": ["Patch", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/94fzb/zrlog/issues/48", "tags": ["Issue Tracking", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/94fzb/zrlog/commit/b2b4415e2e59b6f18b0a62b633e71c96d63c43ba", "tags": ["Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/94fzb/zrlog/issues/48", "tags": ["Issue Tracking", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-863"}]}], "descriptions": [{"lang": "en", "value": "zrlog v2.1.0 has a vulnerability with the permission check. If admin account is logged in, other unauthorized users can download the database backup file directly."}, {"lang": "es", "value": "zrlog versi\u00f3n v2.1.0, presenta una vulnerabilidad con la comprobaci\u00f3n de permisos. Si la cuenta de administrador est\u00e1 conectada, otros usuarios no autorizados pueden descargar el archivo de copia de seguridad de la base de datos directamente"}], "lastModified": "2024-11-21T05:08:54.817", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:zrlog:zrlog:2.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9405174E-51EC-48F0-BF91-16021060B7FE"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}