7.5

CVE-2020-11976

EPSS 2.03%
Veröffentlicht 11.08.2020 19:15:17
Zuletzt bearbeitet 21.11.2024 04:59:01
Quelle security@apache.org
CVE-Watchlists
Login
Unerledigt
Login

By crafting a special URL it is possible to make Wicket deliver unprocessed HTML templates. This would allow an attacker to see possibly sensitive information inside a HTML template that is usually removed during rendering. Affected are Apache Wicket versions 7.16.0, 8.8.0 and 9.0.0-M5

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 11

NVD 8 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Apache ≫ Fortress Version2.0.5

Apache ≫ Wicket Version < 7.17.0

Apache ≫ Wicket Version >= 8.0.0 < 8.9.0

Apache ≫ Wicket Version9.0.0 Updatemilestone1

Apache ≫ Wicket Version9.0.0 Updatemilestone2

Apache ≫ Wicket Version9.0.0 Updatemilestone3

Apache ≫ Wicket Version9.0.0 Updatemilestone4

Apache ≫ Wicket Version9.0.0 Updatemilestone5

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	2.03%	0.832

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N

CWE-552 Files or Directories Accessible to External Parties

The product makes files or directories accessible to unauthorized actors, even though they should not be.

https://lists.apache.org/thread.html/r05340178680eb6b9d4d40d56b5621dd4ae9715e6f41f12ae2288ec49%40%3Cdev.directory.apache.org%3E

https://lists.apache.org/thread.html/r104eeefeb1e9da51f7ef79cef0f9ff12e21ef8559b77801e86b21e16%40%3Cusers.wicket.apache.org%3E

Vendor Advisory

Mailing List

Release Notes

https://lists.apache.org/thread.html/r982c626dbce5c995223c4a6ddd7685de3592f8d65ba8372da1f3ce19%40%3Cdev.directory.apache.org%3E

https://lists.apache.org/thread.html/rd0f36b83cc9f28b016ec552f023fb5a59a9ea8db56f2b9dcc6a2f6b7%40%3Ccommits.directory.apache.org%3E

https://lists.apache.org/thread.html/rd26cae6e30b205e09e4b511d3d962d4f677c0c604f737997ce1b2f22%40%3Cdev.directory.apache.org%3E

https://lists.apache.org/thread.html/rdec0a43afdca59c10416889e07267f3d2fdf4ab929a6e22a2659b6ff%40%3Cdev.directory.apache.org%3E

https://lists.apache.org/thread.html/re4af65851bf69605cfb68be215eba36d4cdc1a90b95fbc894799d923%40%3Cdev.directory.apache.org%3E

https://lists.apache.org/thread.html/reb7ea8141c713b5b19eaf34c00f43aaebf5a1c116130f763c42bdad1%40%3Cdev.directory.apache.org%3E

https://nvd.nist.gov/vuln/detail/CVE-2020-11976

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-11976

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-11976

EUVD