CVE-2020-7650
Published May 29, 2020
Last updated 3 years ago
Overview
- Description
- All versions of snyk-broker after 4.72.0 including and before 4.73.1 are vulnerable to Arbitrary File Read. It allows arbitrary file reads to users with access to Snyk's internal network of any files ending in the following extensions: yaml, yml or json.
- Source
- report@snyk.io
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 6.5
- Impact score
- 3.6
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
- Severity
- MEDIUM
CVSS 2.0
- Type
- Primary
- Base score
- 4
- Impact score
- 2.9
- Exploitability score
- 8
- Vector string
- AV:N/AC:L/Au:S/C:P/I:N/A:N
Weaknesses
- nvd@nist.gov
- CWE-22
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:synk:broker:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0DDA2139-3BF4-48CA-9336-1934DB1373D2",
"versionEndExcluding": "4.73.1",
"versionStartIncluding": "4.72.0"
}
],
"operator": "OR"
}
]
}
]