CVE-2020-8284 Vulnerability Details

CVE-2020-8284 Metadata Quick Info

CVE Published: 14/12/2020 | CVE Updated: 04/08/2024 | CVE Year: 2020
Source: hackerone | Vendor: n/a | Product: https://github.com/curl/curl
Status: PUBLISHED

CVE-2020-8284 Description

A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service banner extractions.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-200
CWE Name: Information Disclosure (CWE-200)
Source: n/a

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description: