CVE-2020-10944

{"id": "CVE-2020-10944", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.3}]}, "published": "2020-04-28T14:15:14.173", "references": [{"url": "https://github.com/hashicorp/nomad/issues/7468", "tags": ["Patch", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/hashicorp/nomad/issues/7468", "tags": ["Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "HashiCorp Nomad and Nomad Enterprise up to 0.10.4 contained a cross-site scripting vulnerability such that files from a malicious workload could cause arbitrary JavaScript to execute in the web UI. Fixed in 0.10.5."}, {"lang": "es", "value": "HashiCorp Nomad y Nomad Enterprise versiones hasta 0.10.4, conten\u00edan una vulnerabilidad de tipo cross-site scripting tal que los archivos de una carga de trabajo maliciosa pod\u00eda causar que un JavaScript arbitrario se ejecutara en la Interfaz de Usuario web. Corregido en la versi\u00f3n 0.10.5."}], "lastModified": "2024-11-21T04:56:25.493", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:hashicorp:nomad:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C7AA3EDF-3FDB-4C72-9878-ED4B528C0678", "versionEndExcluding": "0.10.5", "versionStartIncluding": "0.3"}, {"criteria": "cpe:2.3:a:hashicorp:nomad:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "35390BBA-1A07-4FC5-B86C-E92B43D48091", "versionEndExcluding": "0.10.5", "versionStartIncluding": "0.3"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}