CVE-2020-17520 — MEDIUM (6.5)

Vulnerability Description

In the Pulsar manager 0.1.0 version, malicious users will be able to bypass pulsar-manager's admin, permission verification mechanism by constructing special URLs, thereby accessing any HTTP API.

CVSS Score

6.5

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Apache	Pulsar Manager	0.1.0

References

https://lists.apache.org/thread.html/rb8b3025f8b507dec0b66791df408cdaf2d155866dbMailing ListVendor Advisory
https://lists.apache.org/thread.html/rb8b3025f8b507dec0b66791df408cdaf2d155866dbMailing ListVendor Advisory

FAQ

What is CVE-2020-17520?

CVE-2020-17520 is a vulnerability with a CVSS score of 6.5 (MEDIUM). In the Pulsar manager 0.1.0 version, malicious users will be able to bypass pulsar-manager's admin, permission verification mechanism by constructing special URLs, thereby accessing any HTTP API.

How severe is CVE-2020-17520?

CVE-2020-17520 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-17520?

Check the references section above for vendor advisories and patch information. Affected products include: Apache Pulsar Manager.