CVE-2020-19003

{"id": "CVE-2020-19003", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2021-10-06T13:15:07.267", "references": [{"url": "https://cwe.mitre.org/data/definitions/290.html", "tags": ["Technical Description"], "source": "cve@mitre.org"}, {"url": "https://github.com/liftoff/GateOne/issues/728", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://cwe.mitre.org/data/definitions/290.html", "tags": ["Technical Description"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/liftoff/GateOne/issues/728", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-290"}]}], "descriptions": [{"lang": "en", "value": "An issue in Gate One 1.2.0 allows attackers to bypass to the verification check done by the origins list and connect to Gate One instances used by hosts not on the origins list."}, {"lang": "es", "value": "Un problema en Gate One versi\u00f3n 1.2.0, permite a atacantes omitir la comprobaci\u00f3n realizada por la lista de or\u00edgenes y conectarse a instancias de Gate One usadas por hosts que no est\u00e1n en la lista de or\u00edgenes"}], "lastModified": "2024-11-21T05:08:54.663", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:liftoffsoftware:gate_one:1.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D59AF5C8-BA89-4BB5-AF30-78C8A84CC6E7"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}