Vulnerability Description
In OpenWrt LuCI git-20.x, remote unauthenticated attackers can retrieve the list of installed packages and services. NOTE: the vendor disputes the significance of this report because, for instances reachable by an unauthenticated actor, the same information is available in other (more complex) ways, and there is no plan to restrict the information further
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Openwrt | Luci | git-20.049.11521-bebfe20 |
Related Weaknesses (CWE)
References
- https://github.com/openwrt/luci/issues/3563#issuecomment-578522860PatchThird Party Advisory
- https://github.com/openwrt/luci/issues/3653#issue-567892007ExploitThird Party Advisory
- https://github.com/openwrt/luci/issues/3766ExploitThird Party Advisory
- https://github.com/openwrt/luci/issues/3563#issuecomment-578522860PatchThird Party Advisory
- https://github.com/openwrt/luci/issues/3653#issue-567892007ExploitThird Party Advisory
- https://github.com/openwrt/luci/issues/3766ExploitThird Party Advisory
FAQ
What is CVE-2020-10871?
CVE-2020-10871 is a vulnerability with a CVSS score of 5.3 (MEDIUM). In OpenWrt LuCI git-20.x, remote unauthenticated attackers can retrieve the list of installed packages and services. NOTE: the vendor disputes the significance of this report because, for instances re...
How severe is CVE-2020-10871?
CVE-2020-10871 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-10871?
Check the references section above for vendor advisories and patch information. Affected products include: Openwrt Luci.