CVE-2020-9300 Vulnerability Details

  /     /     /  

CVE-2020-9300 Metadata Quick Info

CVE Published: 09/11/2020 | CVE Updated: 04/08/2024 | CVE Year: 2020
Source: netflix | Vendor: n/a | Product: Netflix Dispatch
Status : PUBLISHED

---

CVE-2020-9300 Description

The Access Control issues include allowing a regular user to view a restricted incident, user role escalation to admin, users adding themselves as a participant in a restricted incident, and users able to view restricted incidents via the search feature. If your install has followed the secure deployment guidelines the risk of this is lowered, as this may only be exploited by an authenticated user.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID:
CWE Name: Multiple Multiple Access Control Issues in Dispatch
Source: n/a

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).