CVE Vulnerability

CVE-2020-9300

The Access Control issues include allowing a regular user to view a restricted incident, user role escalation to admin, users adding themselves as a participant in a restricted incident, and users able to view restricted incidents via the search feature. If your install has followed the secure deployment guidelines the risk of this is lowered, as this may only be exploited by an authenticated user.

4 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 8 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

Scope

6.5 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://github.com/Netflix/dispatch/releases/tag/v20201106 Third Party Advisory
https://github.com/Netflix/security-bulletins/blob/master/advisories/nflx-2020-005.md Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:netflix:dispatch:*:*:*:*:*:*:*:*
Information

Published : 2020-11-09 03:15

Updated : 2020-11-18 02:49

NVD link : CVE-2020-9300

Mitre link : CVE-2020-9300

Products Affected
No products.
CWE
NVD-CWE-Other