CVE-2020-26207

{"id": "CVE-2020-26207", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.0, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 1.3}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.0, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.1}]}, "published": "2020-11-04T22:15:12.320", "references": [{"url": "https://github.com/martinjw/dbschemareader/commit/4c0ab7b1fd8c4e3140f9fd54d303f107a9c8d994", "tags": ["Patch", "Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/martinjw/dbschemareader/releases/tag/2.7.4.3", "tags": ["Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/martinjw/dbschemareader/security/advisories/GHSA-rfjh-m356-mpqf", "tags": ["Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/martinjw/dbschemareader/commit/4c0ab7b1fd8c4e3140f9fd54d303f107a9c8d994", "tags": ["Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/martinjw/dbschemareader/releases/tag/2.7.4.3", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/martinjw/dbschemareader/security/advisories/GHSA-rfjh-m356-mpqf", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-502"}]}], "descriptions": [{"lang": "en", "value": "DatabaseSchemaViewer before version 2.7.4.3 is vulnerable to arbitrary code execution if a user is tricked into opening a specially crafted `.dbschema` file. The patch was released in v2.7.4.3. As a workaround, ensure `.dbschema` files from untrusted sources are not opened."}, {"lang": "es", "value": "DatabaseSchemaViewer versiones anteriores a 2.7.4.3, es vulnerable a una ejecuci\u00f3n de c\u00f3digo arbitraria si un usuario es enga\u00f1ado para que abra un archivo \".dbschema\" especialmente dise\u00f1ado. El parche fue publicado en la versi\u00f3n v2.7.4.3. Como soluci\u00f3n temporal, aseg\u00farese que los archivos \".dbschema\" de fuentes no confiables no est\u00e9n abiertos"}], "lastModified": "2024-11-21T05:19:31.507", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:databaseschemareader_project:dbschemareader:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A2B945CB-8395-4C6B-B267-7FD79CF8CE05", "versionEndExcluding": "2.7.4.3"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}