Vulnerability Name: CVE-2020-15959 (CCN-187897)

Assigned: 2020-09-08
Published: 2020-09-08
Updated: 2021-01-30
Summary: Insufficient policy enforcement in networking in Google Chrome prior to 85.0.4183.102 allowed an attacker who convinced the user to enable logging to obtain potentially sensitive information from process memory via social engineering.

CVSS v3 Severity:
4.3 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N)
3.8 Low (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C)
Exploitability Metrics:
  • Attack Vector (AV): Network
  • Attack Complexity (AC): Low
  • Privileges Required (PR): None
  • User Interaction (UI): Required
Scope:
  • Scope (S): Unchanged
Impact Metrics:
  • Confidentiality (C): Low
  • Integrity (I): None
  • Availability (A): None

6.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)
5.7 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C)
Exploitability Metrics:
  • Attack Vector (AV): Network
  • Attack Complexity (AC): Low
  • Privileges Required (PR): None
  • User Interaction (UI): Required
Scope:
  • Scope (S): Unchanged
Impact Metrics:
  • Confidentiality (C): None
  • Integrity (I): High
  • Availability (A): None

CVSS v2 Severity:
4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N)
Exploitability Metrics:
  • Access Vector (AV): Network
  • Access Complexity (AC): Medium
  • Authentication (Au): None
Impact Metrics:
  • Confidentiality (C): Partial
  • Integrity (I): None
  • Availability (A): None

6.8 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:C/A:N)
Exploitability Metrics:
  • Access Vector (AV): Network
  • Access Complexity (AC): Low
  • Authentication (Au): Single_Instance
Impact Metrics:
  • Confidentiality (C): None
  • Integrity (I): Complete
  • Availability (A): None

Vulnerability Type: CWE-Other
Vulnerability Consequences: Bypass Security
References:

Source: MITRE
Type: CNA
CVE-2020-15959

Source: SUSE
Type: Mailing List, Third Party Advisory
openSUSE-SU-2020:1499

Source: SUSE
Type: Mailing List, Third Party Advisory
openSUSE-SU-2020:1510

Source: SUSE
Type: Mailing List, Third Party Advisory
openSUSE-SU-2020:1514

Source: SUSE
Type: Mailing List, Third Party Advisory
openSUSE-SU-2020:1713

Source: CCN
Type: Google Chrome Releases Web site
Stable Channel Update for Desktop

Source: MISC
Type: Release Notes, Vendor Advisory
https://chromereleases.googleblog.com/2020/09/stable-channel-update-for-desktop.html

Source: MISC
Type: Permissions Required, Vendor Advisory
https://crbug.com/1122684

Source: XF
Type: UNKNOWN
google-chrome-cve202015959-sec-bypass(187897)

Source: FEDORA
Type: Third Party Advisory
FEDORA-2020-aea86f913e

Source: FEDORA
Type: Third Party Advisory
FEDORA-2020-2d994b986d

Source: GENTOO
Type: Third Party Advisory
GLSA-202101-30

Source: DEBIAN
Type: Third Party Advisory
DSA-4824

Vulnerable Configuration:

Configuration 1:
  • cpe:/a:google:chrome:*:*:*:*:*:*:*:* (Version < 85.0.4183.102)

Configuration 2:
  • cpe:/a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*
  • OR cpe:/a:opensuse:backports_sle:15.0:sp2:*:*:*:*:*:*
  • OR cpe:/o:opensuse:leap:15.1:*:*:*:*:*:*:*
  • OR cpe:/o:opensuse:leap:15.2:*:*:*:*:*:*:*

Configuration 3:
  • cpe:/o:fedoraproject:fedora:31:*:*:*:*:*:*:*
  • OR cpe:/o:fedoraproject:fedora:33:*:*:*:*:*:*:*

Configuration 4:
  • cpe:/o:debian:debian_linux:10.0:*:*:*:*:*:*:*

* Denotes that component is vulnerable
Oval Definitions

Definition ID | Class | Title | Last Modified
oval:org.opensuse.security:def:202015959 | V | CVE-2020-15959 | 2022-06-30
oval:org.opensuse.security:def:112066 | P | chromedriver-93.0.4577.82-1.1 on GA media (Moderate) | 2022-01-17
oval:org.opensuse.security:def:64833 | P | Security update for busybox (Important) (in QA) | 2022-01-14
oval:org.opensuse.security:def:64773 | P | Security update for glibc (Moderate) | 2021-12-08
oval:org.opensuse.security:def:64624 | P | Security update for webkit2gtk3 (Important) | 2021-12-02
oval:org.opensuse.security:def:64623 | P | Security update for speex (Moderate) | 2021-12-01
oval:org.opensuse.security:def:105615 | P | chromedriver-93.0.4577.82-1.1 on GA media (Moderate) | 2021-10-01
oval:org.opensuse.security:def:64571 | P | Security update for apache2 (Important) | 2021-09-03
oval:org.opensuse.security:def:63328 | P | frr-7.4-2.25 on GA media (Moderate) | 2021-08-10
oval:org.opensuse.security:def:63341 | P | libmariadb-devel-3.1.12-3.25.1 on GA media (Moderate) | 2021-08-10
oval:org.opensuse.security:def:63479 | P | lame-3.100-1.33 on GA media (Moderate) | 2021-08-10
oval:org.opensuse.security:def:63122 | P | aws-cli-1.18.117-8.11.1 on GA media (Moderate) | 2021-08-10
oval:org.opensuse.security:def:63384 | P | vsftpd-3.0.3-7.16.1 on GA media (Moderate) | 2021-08-10
oval:org.opensuse.security:def:63125 | P | kernel-azure-5.3.18-36.1 on GA media (Moderate) | 2021-08-10
oval:org.opensuse.security:def:63522 | P | tiff-4.0.9-5.30.28 on GA media (Moderate) | 2021-08-10
oval:org.opensuse.security:def:64731 | P | Security update for the Linux Kernel (Important) | 2021-07-15
oval:org.opensuse.security:def:64891 | P | Security update for kubevirt (Moderate) | 2021-07-09
oval:org.opensuse.security:def:64529 | P | Security update for postgresql12 (Moderate) | 2021-06-17
oval:org.opensuse.security:def:64528 | P | Security update for postgresql10 (Moderate) | 2021-06-14
oval:org.opensuse.security:def:62860 | P | libtidy-devel-5.4.0-1.34 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:74637 | P | Security update for hivex (Moderate) | 2021-05-26
oval:org.opensuse.security:def:64487 | P | Security update for bind (Important) | 2021-05-04
oval:org.opensuse.security:def:63076 | P | openldap2-2.4.46-9.3.1 on GA media (Moderate) | 2021-04-29
oval:org.opensuse.security:def:64459 | P | Security update for gssproxy (Moderate) | 2021-04-06
oval:org.opensuse.security:def:64666 | P | Security update for git (Important) | 2021-03-09
oval:org.opensuse.security:def:64665 | P | Security update for openssl-1_1 (Moderate) | 2021-03-09
oval:org.opensuse.security:def:64272 | P | Security update for the Linux Kernel (Important) | 2020-12-09
oval:org.opensuse.security:def:63579 | P | gstreamer-plugins-ugly-1.12.5-1.35 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:63150 | P | freeradius-server-3.0.16-1.41 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:62660 | P | libass-devel-0.14.0-1.25 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:62683 | P | libmodplug-devel-0.3.19-2.10.1 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:63118 | P | python3-keystoneclient-3.15.0-2.33 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:63621 | P | icedtea-web-1.7.1-5.13 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:62703 | P | libthai0-32bit-0.1.27-1.16 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:62659 | P | libXvnc-devel-1.9.0-19.6.1 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:63139 | P | apache2-2.4.33-1.28 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:62726 | P | wireshark-devel-3.2.2-3.35.2 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:63080 | P | java-1_8_0-ibm-1.8.0_sr6.5-3.33.2 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:62903 | P | jython-2.2.1-4.36 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:63083 | P | libncurses5-32bit-6.1-5.6.2 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:62702 | P | libtag-devel-1.11.1-4.6.1 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:63182 | P | skopeo-0.1.26-2.39 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:63108 | P | aws-cli-1.16.61-6.22 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:63286 | P | libxmltooling-devel-1.6.4-3.3.2 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:64416 | P | mailx on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:64315 | P | libXxf86vm-devel on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:64166 | P | Security update for xen (Important) | 2020-12-01
oval:org.opensuse.security:def:63748 | P | Security update for ImageMagick (Moderate) | 2020-12-01
oval:org.opensuse.security:def:74987 | P | Security update for ntp (Moderate) | 2020-12-01
oval:org.opensuse.security:def:63782 | P | Security update for spice (Important) | 2020-12-01
oval:org.opensuse.security:def:64417 | P | minicom on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:64075 | P | Security update for ovmf (Moderate) | 2020-12-01
oval:org.opensuse.security:def:75120 | P | Security update for opera (Important) | 2020-12-01
oval:org.opensuse.security:def:63929 | P | Security update for openexr (Moderate) | 2020-12-01
oval:org.opensuse.security:def:74468 | P | Security update for bluez (Moderate) | 2020-12-01
oval:org.opensuse.security:def:64209 | P | apparmor-abstractions on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:64158 | P | Security update for tigervnc (Critical) | 2020-12-01
oval:org.opensuse.security:def:74594 | P | Security update for chromium (Important) | 2020-12-01
oval:org.opensuse.security:def:63824 | P | Security update for qemu (Important) | 2020-12-01
oval:org.opensuse.security:def:63971 | P | Security update for mariadb-100 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:74511 | P | Security update for libvpx (Important) | 2020-12-01
oval:org.opensuse.security:def:64200 | P | ruby2.5-rubygem-nokogiri on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:65003 | P | Security update for wireshark (Moderate) | 2020-12-01
oval:org.opensuse.security:def:64875 | P | Security update for openssl-1_1 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:63705 | P | Security update for vim (Important) | 2020-12-01
oval:org.opensuse.security:def:74945 | P | Security update for uftpd (Moderate) | 2020-12-01
oval:org.opensuse.security:def:64933 | P | Security update for xen (Important) | 2020-12-01
oval:org.opensuse.security:def:64374 | P | libpulse-devel on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:64032 | P | Security update for vino (Moderate) | 2020-12-01
oval:org.opensuse.security:def:75078 | P | Security update for chromium (Important) | 2020-12-01
oval:org.opensuse.security:def:65045 | P | Security update for libproxy (Important) | 2020-12-01
oval:org.opensuse.security:def:100236 | P | (Moderate) | 2020-10-28
oval:org.opensuse.security:def:110261 | P | Security update for opera (Important) | 2020-10-23
oval:org.opensuse.security:def:110815 | P | Security update for opera (Important) | 2020-10-23
oval:org.opensuse.security:def:93523 | P | Security update for chromium (Important) | 2020-09-24
oval:org.opensuse.security:def:109713 | P | Security update for chromium (Important) | 2020-09-23
oval:org.opensuse.security:def:103056 | P | Security update for chromium (Important) | 2020-09-23
oval:org.opensuse.security:def:96366 | P | Security update for chromium (Important) | 2020-09-23
oval:org.opensuse.security:def:110773 | P | Security update for chromium (Important) | 2020-09-22
oval:org.opensuse.security:def:110218 | P | Security update for chromium (Important) | 2020-09-22
    google chrome *
    opensuse backports sle 15.0 sp1
    opensuse backports sle 15.0 sp2
    opensuse leap 15.1
    opensuse leap 15.2
    fedoraproject fedora 31
    fedoraproject fedora 33
    debian debian linux 10.0