CVE-2020-5774

{"id": "CVE-2020-5774", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.6, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.1, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 1.8}]}, "published": "2020-08-21T13:15:14.333", "references": [{"url": "https://www.tenable.com/security/tns-2020-06", "tags": ["Patch", "Vendor Advisory"], "source": "vulnreport@tenable.com"}, {"url": "https://www.tenable.com/security/tns-2020-06", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-613"}]}], "descriptions": [{"lang": "en", "value": "Nessus versions 8.11.0 and earlier were found to maintain sessions longer than the permitted period in certain scenarios. The lack of proper session expiration could allow attackers with local access to login into an existing browser session."}, {"lang": "es", "value": "Se detect\u00f3 que Nessus versiones 8.11.0 y anteriores, manten\u00eda sesiones m\u00e1s largas que el per\u00edodo permitido en determinados escenarios. La falta de una expiraci\u00f3n apropiada de la sesi\u00f3n podr\u00eda permitir a atacantes con acceso local iniciar sesi\u00f3n en una sesi\u00f3n de navegador existente."}], "lastModified": "2024-11-21T05:34:34.677", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:tenable:nessus:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "79D27088-4B9E-4FAE-8EA3-2462915E0B55", "versionEndIncluding": "8.11.0"}], "operator": "OR"}]}], "sourceIdentifier": "vulnreport@tenable.com"}