CVE-2020-19005 — MEDIUM (5.7)

Vulnerability Description

zrlog v2.1.0 has a vulnerability with the permission check. If admin account is logged in, other unauthorized users can download the database backup file directly.

CVSS Score

5.7

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Zrlog	Zrlog	2.1.0

Related Weaknesses (CWE)

CWE-863

References

https://github.com/94fzb/zrlog/commit/b2b4415e2e59b6f18b0a62b633e71c96d63c43baPatchThird Party Advisory
https://github.com/94fzb/zrlog/issues/48Issue TrackingThird Party Advisory
https://github.com/94fzb/zrlog/commit/b2b4415e2e59b6f18b0a62b633e71c96d63c43baPatchThird Party Advisory
https://github.com/94fzb/zrlog/issues/48Issue TrackingThird Party Advisory

FAQ

What is CVE-2020-19005?

CVE-2020-19005 is a vulnerability with a CVSS score of 5.7 (MEDIUM). zrlog v2.1.0 has a vulnerability with the permission check. If admin account is logged in, other unauthorized users can download the database backup file directly.

How severe is CVE-2020-19005?

CVE-2020-19005 has been rated MEDIUM with a CVSS base score of 5.7/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-19005?

Check the references section above for vendor advisories and patch information. Affected products include: Zrlog Zrlog.