CVE-2020-9299 — MEDIUM (5.4)

Q: How severe is CVE-2020-9299?

CVE-2020-9299 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2020-9299?

Check the references section above for vendor advisories and patch information. Affected products include: Netflix Dispatch.

Vulnerability Description

There were XSS vulnerabilities discovered and reported in the Dispatch application, affecting name and description parameters of Incident Priority, Incident Type, Tag Type, and Incident Filter. This vulnerability can be exploited by an authenticated user.

CVSS Score

5.4

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Netflix	Dispatch	< 20201106

Related Weaknesses (CWE)

CWE-79

References

https://github.com/Netflix/dispatch/releases/tag/v20201106Third Party Advisory
https://github.com/Netflix/security-bulletins/blob/master/advisories/nflx-2020-0Third Party Advisory
https://github.com/Netflix/dispatch/releases/tag/v20201106Third Party Advisory
https://github.com/Netflix/security-bulletins/blob/master/advisories/nflx-2020-0Third Party Advisory

FAQ

What is CVE-2020-9299?

CVE-2020-9299 is a vulnerability with a CVSS score of 5.4 (MEDIUM). There were XSS vulnerabilities discovered and reported in the Dispatch application, affecting name and description parameters of Incident Priority, Incident Type, Tag Type, and Incident Filter. This v...

How severe is CVE-2020-9299?

CVE-2020-9299 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-9299?

Check the references section above for vendor advisories and patch information. Affected products include: Netflix Dispatch.