CVE-2020-15247 - Vulnerability Details

Vendors	Products
Octobercms	October

Link	Providers
https://github.com/octobercms/october/commit/4c650bb775ab849e48202a4923bac93bd74f9982
https://github.com/octobercms/october/security/advisories/GHSA-94vp-rmqv-5875

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "october", "vendor": "octobercms", "versions": [{"status": "affected", "version": ">= 1.0.319, < 1.0.469"}]}], "descriptions": [{"lang": "en", "value": "October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. In October CMS from version 1.0.319 and before version 1.0.469, an authenticated backend user with the cms.manage_pages, cms.manage_layouts, or cms.manage_partials permissions who would normally not be permitted to provide PHP code to be executed by the CMS due to cms.enableSafeMode being enabled is able to write specific Twig code to escape the Twig sandbox and execute arbitrary PHP. This is not a problem for anyone that trusts their users with those permissions to normally write & manage PHP within the CMS by not having cms.enableSafeMode enabled, but would be a problem for anyone relying on cms.enableSafeMode to ensure that users with those permissions in production do not have access to write & execute arbitrary PHP. Issue has been patched in Build 469 (v1.0.469) and v1.1.0."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-862", "description": "CWE-862 Missing Authorization", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-11-23T19:35:13", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/octobercms/october/security/advisories/GHSA-94vp-rmqv-5875"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/octobercms/october/commit/4c650bb775ab849e48202a4923bac93bd74f9982"}], "source": {"advisory": "GHSA-94vp-rmqv-5875", "discovery": "UNKNOWN"}, "title": "Twig Sandbox Escape by authenticated users with access to editing CMS templates when safemode is enabled.", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security-advisories@github.com", "ID": "CVE-2020-15247", "STATE": "PUBLIC", "TITLE": "Twig Sandbox Escape by authenticated users with access to editing CMS templates when safemode is enabled."}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "october", "version": {"version_data": [{"version_value": ">= 1.0.319, < 1.0.469"}]}}]}, "vendor_name": "octobercms"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. In October CMS from version 1.0.319 and before version 1.0.469, an authenticated backend user with the cms.manage_pages, cms.manage_layouts, or cms.manage_partials permissions who would normally not be permitted to provide PHP code to be executed by the CMS due to cms.enableSafeMode being enabled is able to write specific Twig code to escape the Twig sandbox and execute arbitrary PHP. This is not a problem for anyone that trusts their users with those permissions to normally write & manage PHP within the CMS by not having cms.enableSafeMode enabled, but would be a problem for anyone relying on cms.enableSafeMode to ensure that users with those permissions in production do not have access to write & execute arbitrary PHP. Issue has been patched in Build 469 (v1.0.469) and v1.1.0."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-862 Missing Authorization"}]}]}, "references": {"reference_data": [{"name": "https://github.com/octobercms/october/security/advisories/GHSA-94vp-rmqv-5875", "refsource": "CONFIRM", "url": "https://github.com/octobercms/october/security/advisories/GHSA-94vp-rmqv-5875"}, {"name": "https://github.com/octobercms/october/commit/4c650bb775ab849e48202a4923bac93bd74f9982", "refsource": "MISC", "url": "https://github.com/octobercms/october/commit/4c650bb775ab849e48202a4923bac93bd74f9982"}]}, "source": {"advisory": "GHSA-94vp-rmqv-5875", "discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T13:08:23.232Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/octobercms/october/security/advisories/GHSA-94vp-rmqv-5875"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/octobercms/october/commit/4c650bb775ab849e48202a4923bac93bd74f9982"}]}]}, "cveMetadata": {"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2020-15247", "datePublished": "2020-11-23T19:35:14", "dateReserved": "2020-06-25T00:00:00", "dateUpdated": "2024-08-04T13:08:23.232Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : october (string)

vendor : octobercms (string)

versions : [ »

0 : { »

status : affected (string)

version : >= 1.0.319, < 1.0.469 (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. In October CMS from version 1.0.319 and before version 1.0.469, an authenticated backend user with the cms.manage_pages, cms.manage_layouts, or cms.manage_partials permissions who would normally not be permitted to provide PHP code to be executed by the CMS due to cms.enableSafeMode being enabled is able to write specific Twig code to escape the Twig sandbox and execute arbitrary PHP. This is not a problem for anyone that trusts their users with those permissions to normally write & manage PHP within the CMS by not having cms.enableSafeMode enabled, but would be a problem for anyone relying on cms.enableSafeMode to ensure that users with those permissions in production do not have access to write & execute arbitrary PHP. Issue has been patched in Build 469 (v1.0.469) and v1.1.0. (string)

}

]

metrics : [ »

0 : { »

cvssV3_1 : { »

attackComplexity : LOW (string)

attackVector : LOCAL (string)

availabilityImpact : LOW (string)

baseScore : 5.2 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : LOW (string)

integrityImpact : LOW (string)

privilegesRequired : HIGH (string)

scope : CHANGED (string)

userInteraction : REQUIRED (string)

vectorString : CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L (string)

version : 3.1 (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

cweId : CWE-862 (string)

description : CWE-862 Missing Authorization (string)

lang : en (string)

type : CWE (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2020-11-23T19:35:13 (string)

orgId : a0819718-46f1-4df5-94e2-005712e83aaa (string)

shortName : GitHub_M (string)

}

references : [ »

0 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : https://github.com/octobercms/october/security/advisories/GHSA-94vp-rmqv-5875 (string)

}

1 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : https://github.com/octobercms/october/commit/4c650bb775ab849e48202a4923bac93bd74f9982 (string)

}

]

source : { »

advisory : GHSA-94vp-rmqv-5875 (string)

discovery : UNKNOWN (string)

}

title : Twig Sandbox Escape by authenticated users with access to editing CMS templates when safemode is enabled. (string)

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : security-advisories@github.com (string)

ID : CVE-2020-15247 (string)

STATE : PUBLIC (string)

TITLE : Twig Sandbox Escape by authenticated users with access to editing CMS templates when safemode is enabled. (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : october (string)

version : { »

version_data : [ »

0 : { »

version_value : >= 1.0.319, < 1.0.469 (string)

}

]

}

]

}

vendor_name : octobercms (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. In October CMS from version 1.0.319 and before version 1.0.469, an authenticated backend user with the cms.manage_pages, cms.manage_layouts, or cms.manage_partials permissions who would normally not be permitted to provide PHP code to be executed by the CMS due to cms.enableSafeMode being enabled is able to write specific Twig code to escape the Twig sandbox and execute arbitrary PHP. This is not a problem for anyone that trusts their users with those permissions to normally write & manage PHP within the CMS by not having cms.enableSafeMode enabled, but would be a problem for anyone relying on cms.enableSafeMode to ensure that users with those permissions in production do not have access to write & execute arbitrary PHP. Issue has been patched in Build 469 (v1.0.469) and v1.1.0. (string)

}

]

}

impact : { »

cvss : { »

attackComplexity : LOW (string)

attackVector : LOCAL (string)

availabilityImpact : LOW (string)

baseScore : 5.2 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : LOW (string)

integrityImpact : LOW (string)

privilegesRequired : HIGH (string)

scope : CHANGED (string)

userInteraction : REQUIRED (string)

vectorString : CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L (string)

version : 3.1 (string)

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : CWE-862 Missing Authorization (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : https://github.com/octobercms/october/security/advisories/GHSA-94vp-rmqv-5875 (string)

refsource : CONFIRM (string)

url : https://github.com/octobercms/october/security/advisories/GHSA-94vp-rmqv-5875 (string)

}

1 : { »

name : https://github.com/octobercms/october/commit/4c650bb775ab849e48202a4923bac93bd74f9982 (string)

refsource : MISC (string)

url : https://github.com/octobercms/october/commit/4c650bb775ab849e48202a4923bac93bd74f9982 (string)

}

]

}

source : { »

advisory : GHSA-94vp-rmqv-5875 (string)

discovery : UNKNOWN (string)

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-04T13:08:23.232Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : https://github.com/octobercms/october/security/advisories/GHSA-94vp-rmqv-5875 (string)

}

1 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : https://github.com/octobercms/october/commit/4c650bb775ab849e48202a4923bac93bd74f9982 (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : a0819718-46f1-4df5-94e2-005712e83aaa (string)

assignerShortName : GitHub_M (string)

cveId : CVE-2020-15247 (string)

datePublished : 2020-11-23T19:35:14 (string)

dateReserved : 2020-06-25T00:00:00 (string)

dateUpdated : 2024-08-04T13:08:23.232Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:octobercms:october:*:*:*:*:*:*:*:*", "matchCriteriaId": "ABEFA590-9054-45DD-A177-D5EBEA49C5B7", "versionEndExcluding": "1.0.469", "versionStartIncluding": "1.0.319", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. In October CMS from version 1.0.319 and before version 1.0.469, an authenticated backend user with the cms.manage_pages, cms.manage_layouts, or cms.manage_partials permissions who would normally not be permitted to provide PHP code to be executed by the CMS due to cms.enableSafeMode being enabled is able to write specific Twig code to escape the Twig sandbox and execute arbitrary PHP. This is not a problem for anyone that trusts their users with those permissions to normally write & manage PHP within the CMS by not having cms.enableSafeMode enabled, but would be a problem for anyone relying on cms.enableSafeMode to ensure that users with those permissions in production do not have access to write & execute arbitrary PHP. Issue has been patched in Build 469 (v1.0.469) and v1.1.0."}, {"lang": "es", "value": "October es una plataforma CMS gratuita, de c\u00f3digo abierto y autohosteada basada en Laravel PHP Framework.&#xa0;En October CMS desde la versi\u00f3n 1.0.319 y anterior a versi\u00f3n 1.0.469, un usuario del backend autenticado con los permisos cms.manage_pages, cms.manage_layouts o cms.manage_partials que normalmente no estar\u00eda autorizado a proporcionar c\u00f3digo PHP para ser ejecutado por el CMS debido a que cms.enableSafeMode est\u00e1 habilitado, es capaz de escribir c\u00f3digo espec\u00edfico de Twig para escapar del sandbox de Twig y ejecutar PHP arbitrario.&#xa0;Esto no es un problema para cualquiera que conf\u00ede en sus usuarios con esos permisos para escribir y administrar PHP normalmente dentro del CMS al no tener cms.enableSafeMode habilitado, pero ser\u00eda un problema para cualquiera que conf\u00ede en cms.enableSafeMode para asegurarse de que los usuarios con esos permisos en producci\u00f3n no poseen acceso para escribir y ejecutar PHP arbitrario"}], "id": "CVE-2020-15247", "lastModified": "2024-11-21T05:05:10.993", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 1.1, "impactScore": 3.7, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 1.1, "impactScore": 3.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-11-23T20:15:12.383", "references": [{"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/octobercms/october/commit/4c650bb775ab849e48202a4923bac93bd74f9982"}, {"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://github.com/octobercms/october/security/advisories/GHSA-94vp-rmqv-5875"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/octobercms/october/commit/4c650bb775ab849e48202a4923bac93bd74f9982"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://github.com/octobercms/october/security/advisories/GHSA-94vp-rmqv-5875"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "security-advisories@github.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:octobercms:october:*:*:*:*:*:*:*:* (string)

matchCriteriaId : ABEFA590-9054-45DD-A177-D5EBEA49C5B7 (string)

versionEndExcluding : 1.0.469 (string)

versionStartIncluding : 1.0.319 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. In October CMS from version 1.0.319 and before version 1.0.469, an authenticated backend user with the cms.manage_pages, cms.manage_layouts, or cms.manage_partials permissions who would normally not be permitted to provide PHP code to be executed by the CMS due to cms.enableSafeMode being enabled is able to write specific Twig code to escape the Twig sandbox and execute arbitrary PHP. This is not a problem for anyone that trusts their users with those permissions to normally write & manage PHP within the CMS by not having cms.enableSafeMode enabled, but would be a problem for anyone relying on cms.enableSafeMode to ensure that users with those permissions in production do not have access to write & execute arbitrary PHP. Issue has been patched in Build 469 (v1.0.469) and v1.1.0. (string)

}

1 : { »

lang : es (string)

value : October es una plataforma CMS gratuita, de código abierto y autohosteada basada en Laravel PHP Framework. En October CMS desde la versión 1.0.319 y anterior a versión 1.0.469, un usuario del backend autenticado con los permisos cms.manage_pages, cms.manage_layouts o cms.manage_partials que normalmente no estaría autorizado a proporcionar código PHP para ser ejecutado por el CMS debido a que cms.enableSafeMode está habilitado, es capaz de escribir código específico de Twig para escapar del sandbox de Twig y ejecutar PHP arbitrario. Esto no es un problema para cualquiera que confíe en sus usuarios con esos permisos para escribir y administrar PHP normalmente dentro del CMS al no tener cms.enableSafeMode habilitado, pero sería un problema para cualquiera que confíe en cms.enableSafeMode para asegurarse de que los usuarios con esos permisos en producción no poseen acceso para escribir y ejecutar PHP arbitrario (string)

}

]

id : CVE-2020-15247 (string)

lastModified : 2024-11-21T05:05:10.993 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : MEDIUM (string)

cvssData : { »

accessComplexity : MEDIUM (string)

accessVector : LOCAL (string)

authentication : NONE (string)

availabilityImpact : PARTIAL (string)

baseScore : 4.4 (number)

confidentialityImpact : PARTIAL (string)

integrityImpact : PARTIAL (string)

vectorString : AV:L/AC:M/Au:N/C:P/I:P/A:P (string)

version : 2.0 (string)

}

exploitabilityScore : 3.4 (number)

impactScore : 6.4 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : true (boolean)

}

]

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : LOCAL (string)

availabilityImpact : LOW (string)

baseScore : 5.2 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : LOW (string)

integrityImpact : LOW (string)

privilegesRequired : HIGH (string)

scope : CHANGED (string)

userInteraction : REQUIRED (string)

vectorString : CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L (string)

version : 3.1 (string)

}

exploitabilityScore : 1.1 (number)

impactScore : 3.7 (number)

source : security-advisories@github.com (string)

type : Secondary (string)

}

1 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : LOCAL (string)

availabilityImpact : LOW (string)

baseScore : 5.2 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : LOW (string)

integrityImpact : LOW (string)

privilegesRequired : HIGH (string)

scope : CHANGED (string)

userInteraction : REQUIRED (string)

vectorString : CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L (string)

version : 3.1 (string)

}

exploitabilityScore : 1.1 (number)

impactScore : 3.7 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2020-11-23T20:15:12.383 (string)

references : [ »

0 : { »

source : security-advisories@github.com (string)

tags : [ »

0 : Patch (string)

1 : Third Party Advisory (string)

]

url : https://github.com/octobercms/october/commit/4c650bb775ab849e48202a4923bac93bd74f9982 (string)

}

1 : { »

source : security-advisories@github.com (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : https://github.com/octobercms/october/security/advisories/GHSA-94vp-rmqv-5875 (string)

}

2 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

1 : Third Party Advisory (string)

]

url : https://github.com/octobercms/october/commit/4c650bb775ab849e48202a4923bac93bd74f9982 (string)

}

3 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : https://github.com/octobercms/october/security/advisories/GHSA-94vp-rmqv-5875 (string)

}

]

sourceIdentifier : security-advisories@github.com (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-862 (string)

}

]

source : security-advisories@github.com (string)

type : Secondary (string)

}

1 : { »

description : [ »

0 : { »

lang : en (string)

value : NVD-CWE-Other (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction Required

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction Required

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object