8.8

CVE-2020-24614

Fossil before 2.10.2, 2.11.x before 2.11.2, and 2.12.x before 2.12.1 allows remote authenticated users to execute arbitrary code. An attacker must have check-in privileges on the repository.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Fossil-scmFossil Version < 2.10.2
Fossil-scmFossil Version >= 2.11.0 < 2.11.2
Fossil-scmFossil Version >= 2.12.0 < 2.12.1
FedoraprojectFedora Version32
FedoraprojectFedora Version33
OpensuseBackports Sle Version15.0 Updatesp1
OpensuseBackports Sle Version15.0 Updatesp2
OpensuseLeap Version15.1
OpensuseLeap Version15.2
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.12% 0.862
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.8 2.8 5.9
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 6.5 8 6.4
AV:N/AC:L/Au:S/C:P/I:P/A:P
CWE-862 Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00065.html
Third Party Advisory
Mailing List
http://www.openwall.com/lists/oss-security/2020/08/25/1
Third Party Advisory
Mailing List
https://fossil-scm.org/forum/info/a05ae3ce7760daf6
Vendor Advisory
https://fossil-scm.org/fossil/vdiff?branch=sec2020-2.12-patch&diff=1&w
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ARYF4YMYXCANXUDS3B3CA4JGUZNUJOJA/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GVZK4K7SFBQRCGCHS76HW2LTSEH2KSUM/
https://security.gentoo.org/glsa/202011-04
Third Party Advisory
https://www.openwall.com/lists/oss-security/2020/08/20/1
Third Party Advisory
Mailing List