CVE-2020-11003 — MEDIUM (4.8)

Q: How severe is CVE-2020-11003?

CVE-2020-11003 has been rated MEDIUM with a CVSS base score of 4.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2020-11003?

Check the references section above for vendor advisories and patch information. Affected products include: Fraction Oasis.

Vulnerability Description

Oasis before version 2.15.0 has a potential DNS rebinding or CSRF vulnerability. If you're running a vulnerable application on your computer and an attacker can trick you into visiting a malicious website, they could use DNS rebinding and CSRF attacks to read/write to vulnerable applications. This has been patched in 2.15.0.

CVSS Score

4.8

MEDIUM

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Fraction	Oasis	< 2.15.0

Related Weaknesses (CWE)

CWE-352

References

https://github.com/fraction/oasis/security/advisories/GHSA-j438-45hc-vjhmThird Party Advisory
https://github.com/fraction/oasis/security/advisories/GHSA-j438-45hc-vjhmThird Party Advisory

FAQ

What is CVE-2020-11003?

CVE-2020-11003 is a vulnerability with a CVSS score of 4.8 (MEDIUM). Oasis before version 2.15.0 has a potential DNS rebinding or CSRF vulnerability. If you're running a vulnerable application on your computer and an attacker can trick you into visiting a malicious web...

How severe is CVE-2020-11003?

CVE-2020-11003 has been rated MEDIUM with a CVSS base score of 4.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-11003?

Check the references section above for vendor advisories and patch information. Affected products include: Fraction Oasis.