CVE-2020-9708 Vulnerability Details

  /     /     /  

CVE-2020-9708 Metadata Quick Info

CVE Published: 14/08/2020 | CVE Updated: 16/09/2024 | CVE Year: 2020
Source: adobe | Vendor: Adobe | Product: Helix
Status : PUBLISHED

---

CVE-2020-9708 Description

The resolveRepositoryPath function doesn\'t properly validate user input and a malicious user may traverse to any valid Git repository outside the repoRoot. This issue may lead to unauthorized access of private Git repositories as long as the malicious user knows or brute-forces the location of the repository.

Metrics

CVSS Version: 3.1 | Base Score: 5.9 MEDIUM
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

l➤ Exploitability Metrics:
    Attack Vector (AV)* NETWORK
    Attack Complexity (AC)* HIGH
    Privileges Required (PR)* NONE
    User Interaction (UI)* NONE
    Scope (S)* UNCHANGED

l➤ Impact Metrics:
    Confidentiality Impact (C)* HIGH
    Integrity Impact (I)* NONE
    Availability Impact (A)* NONE

Weakness Enumeration (CWE)

CWE-ID: CWE-24
CWE Name: CWE-24 Path Traversal: ../filedir
Source: Adobe

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).