CVE-2020-5404 Vulnerability Details

  /     /     /  

CVE-2020-5404 Metadata Quick Info

CVE Published: 03/03/2020 | CVE Updated: 17/09/2024 | CVE Year: 2020
Source: pivotal | Vendor: Pivotal | Product: Reactor Netty
Status : PUBLISHED

---

CVE-2020-5404 Description

The HttpClient from Reactor Netty, versions 0.9.x prior to 0.9.5, and versions 0.8.x prior to 0.8.16, may be used incorrectly, leading to a credentials leak during a redirect to a different domain. In order for this to happen, the HttpClient must have been explicitly configured to follow redirects.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-522
CWE Name: CWE-522: Insufficiently Protected Credentials
Source: Pivotal

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).