Vulnerability Description
The Job Composer app in Ohio Supercomputer Center Open OnDemand before 1.7.19 and 1.8.x before 1.8.18 allows remote authenticated users to provide crafted input in a job template.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Osu | Ohio Supercomputer Center Open Ondemand | < 1.7.19 |
Related Weaknesses (CWE)
References
- https://discourse.osc.edu/t/security-fix-in-open-ondemand-1-8-18-and-1-7-19-patc (Release Notes, Vendor Advisory)
- https://github.com/OSC/Open-OnDemand/commits/master (Release Notes, Third Party Advisory)
- https://listsprd.osu.edu/pipermail/ood-users/ (Broken Link, Vendor Advisory)
FAQ
What is CVE-2020-27958?
CVE-2020-27958 is a vulnerability with a CVSS score of 4.3 (MEDIUM). The Job Composer app in Ohio Supercomputer Center Open OnDemand before 1.7.19 and 1.8.x before 1.8.18 allows remote authenticated users to provide crafted input in a job template.
How severe is CVE-2020-27958?
CVE-2020-27958 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2020-27958?
Check the references section above for vendor advisories and patch information. Affected products include: Osu Ohio Supercomputer Center Open Ondemand.