Vulnerability Name:

CVE-2020-24368 (CCN-186987)

Assigned: 2020-08-14
Published: 2020-08-14
Updated: 2022-12-13
Summary:
CVSS v3 Severity: 7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
6.5 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C)
Exploitability Metrics:
Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:
Scope (S): Unchanged
Impact Metrics:
Confidentiality (C): High
Integrity (I): None
Availability (A): None
5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
4.6 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C)
Exploitability Metrics:
Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:
Scope (S): Unchanged
Impact Metrics:
Confidentiality (C): Low
Integrity (I): None
Availability (A): None
CVSS v2 Severity: 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N)
Exploitability Metrics:
Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:
Confidentiality (C): Partial
Integrity (I): None
Availability (A): None
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
Exploitability Metrics:
Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:
Confidentiality (C): Partial
Integrity (I): None
Availability (A): None
Vulnerability Consequences: Obtain Information
References:
Source: MITRE
Type: CNA
CVE-2020-24368

Source: cve@mitre.org
Type: Mailing List, Third Party Advisory
cve@mitre.org

Source: XF
Type: UNKNOWN
icinga-cve202024368-dir-traversal(186987)

Source: cve@mitre.org
Type: Release Notes, Third Party Advisory
cve@mitre.org

Source: CCN
Type: Icinga Web2 GIT Repository
Possible path traversal when serving static image files #4226

Source: cve@mitre.org
Type: Exploit, Issue Tracking, Third Party Advisory
cve@mitre.org

Source: cve@mitre.org
Type: Vendor Advisory
cve@mitre.org

Source: cve@mitre.org
Type: Mailing List, Third Party Advisory
cve@mitre.org

Source: cve@mitre.org
Type: Third Party Advisory
cve@mitre.org

Source: cve@mitre.org
Type: Third Party Advisory
cve@mitre.org

Oval Definitions
Definition ID | Class | Title | Last Modified
oval:org.opensuse.security:def:202024368 | V | CVE-2020-24368 | 2022-06-30
oval:org.opensuse.security:def:112428 | P | icingacli-2.8.4-1.6 on GA media (Moderate) | 2022-01-17
oval:org.opensuse.security:def:105934 | P | icingacli-2.8.4-1.6 on GA media (Moderate) | 2021-10-01
oval:org.opensuse.security:def:64760 | P | Security update for sssd (Important) | 2021-09-03
oval:org.opensuse.security:def:64560 | P | Security update for krb5 (Important) | 2021-08-20
oval:org.opensuse.security:def:63315 | P | apache2-mod_apparmor-2.13.6-1.31 on GA media (Moderate) | 2021-08-10
oval:org.opensuse.security:def:63137 | P | clamsap-0.101.9-4.3.1 on GA media (Moderate) | 2021-08-10
oval:org.opensuse.security:def:63511 | P | python2-Werkzeug-1.0.1-1.10 on GA media (Moderate) | 2021-08-10
oval:org.opensuse.security:def:63373 | P | sblim-sfcb-1.4.9-5.6.1 on GA media (Moderate) | 2021-08-10
oval:org.opensuse.security:def:64516 | P | Security update for dhcp (Important) | 2021-06-02
oval:org.opensuse.security:def:74626 | P | Security update for xorg-x11-server (Important) | 2021-04-13
oval:org.opensuse.security:def:64652 | P | Security update for postgresql13 (Moderate) | 2021-02-22
oval:org.opensuse.security:def:64653 | P | Security update for postgresql12 (Moderate) | 2021-02-22
oval:org.opensuse.security:def:64448 | P | Security update for gcc7 (Moderate) | 2020-12-10
oval:org.opensuse.security:def:63608 | P | argyllcms-1.9.2-2.27 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:62715 | P | python-tk-2.7.17-7.38.1 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:63109 | P | python3-keystoneclient-3.15.0-2.33 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:62691 | P | libpango-1_0-0-32bit-1.44.7+11-1.25 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:62692 | P | libplist++-devel-2.0.0-1.31 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:63105 | P | python3-keystoneclient-3.15.0-2.33 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:63171 | P | memcached-1.5.6-2.10 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:63112 | P | aws-cli-1.18.38-8.8.2 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:62892 | P | cargo-1.33.0-1.13 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:25386 | P | Security update for the Linux Kernel (Important) | 2020-12-01
oval:org.opensuse.security:def:25775 | P | Security update for flash-player (Important) | 2020-12-01
oval:org.opensuse.security:def:64304 | P | libXi-devel on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:64064 | P | Security update for apache2 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25329 | P | Security update for spice-gtk (Moderate) | 2020-12-01
oval:org.opensuse.security:def:74500 | P | Security update for cairo (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25761 | P | Security update for the Linux Kernel (Important) | 2020-12-01
oval:org.opensuse.security:def:63737 | P | Security update for libxslt (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25248 | P | Security update for the Linux Kernel (Important) | 2020-12-01
oval:org.opensuse.security:def:75107 | P | Security update for icingaweb2 (Important) | 2020-12-01
oval:org.opensuse.security:def:25121 | P | Security update for wireshark (Moderate) | 2020-12-01
oval:org.opensuse.security:def:74974 | P | Security update for openexr (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25673 | P | Security update for openldap2 (Important) | 2020-12-01
oval:org.opensuse.security:def:64187 | P | Security update for MozillaFirefox (Important) | 2020-12-01
oval:org.opensuse.security:def:26492 | P | Security update for icingaweb2 (Important) | 2020-12-01
oval:org.opensuse.security:def:25057 | P | Security update for bluez (Moderate) | 2020-12-01
oval:org.opensuse.security:def:65032 | P | Security update for jasper (Moderate) | 2020-12-01
oval:org.opensuse.security:def:64406 | P | libxkbcommon-devel on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25620 | P | Security update for ovmf (Moderate) | 2020-12-01
oval:org.opensuse.security:def:63958 | P | Security update for perl (Important) | 2020-12-01
oval:org.opensuse.security:def:26457 | P | Security update for chromium (Important) | 2020-12-01
oval:org.opensuse.security:def:64920 | P | Security update for cpio (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25470 | P | Security update for permissions (Moderate) | 2020-12-01
oval:org.opensuse.security:def:63811 | P | Security update for ImageMagick (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25819 | P | Security update for python-tornado (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25046 | P | Security update for python (Moderate) | 2020-12-01
oval:org.opensuse.security:def:64862 | P | Security update for python (Moderate) | 2020-12-01
oval:org.opensuse.security:def:64198 | P | ruby2.5-rubygem-activejob-5_1 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:100246 | P | (Important) | 2020-11-20
oval:org.opensuse.security:def:109723 | P | Security update for icingaweb2 (Important) | 2020-10-16
oval:org.opensuse.security:def:103066 | P | Security update for icingaweb2 (Important) | 2020-10-16
oval:org.opensuse.security:def:110250 | P | Security update for icingaweb2 (Important) | 2020-10-16
oval:org.opensuse.security:def:93533 | P | Security update for icingaweb2 (Important) | 2020-10-16
oval:org.opensuse.security:def:110802 | P | Security update for icingaweb2 (Important) | 2020-10-16
oval:org.opensuse.security:def:96376 | P | Security update for icingaweb2 (Important) | 2020-10-16