CVE-2020-13963

Sažetak

SOPlanning before 1.47 has Incorrect Access Control because certain secret key information, and the related authentication algorithm, is public. The key for admin is hardcoded in the installation code, and there is no key for publicsp (which is a guest account).

Reference

https://forum.soplanning.org/viewforum.php?f=8
https://labs.integrity.pt/advisories/cve-2020-13963/
https://cwe.mitre.org/data/definitions/321.html

CVSS

Base:	7.5
Impact:	6.4
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

05-11-2022 - 02:04

Objavljeno

21-03-2021 - 21:15