CVE-2020-27219
 
Severity Score: 6.1 (CVSS v3.1)
Public Exploits: 0 (Multiple Sources)
Exploited in Wild: - (KEV)
Decision: - (SSVC)
Descriptions
In all versions of Eclipse Hawkbit prior to 0.3.0M7, the HTTP 404 (Not Found) JSON response body returned by the REST API may contain unsafe characters within the path attribute. Sending a POST request to a non-existent resource returns the full path from the given URL to the client unescaped.
Credits: N/A
Timeline
- 2020-10-19 CVE Reserved
- 2021-01-14 CVE Published
- 2023-09-30 EPSS Updated
- 2024-08-04 CVE Updated
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
References (2)
URL | Tag | Source |
---|---|---|
https://github.com/eclipse/hawkbit/issues/1067 | Third Party Advisory |
URL | Date | SRC |
---|---|---|
https://bugs.eclipse.org/bugs/show_bug.cgi?id=570289 | 2021-01-21 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Eclipse | Hawkbit | <= 0.2.5 | - | Affected |
Eclipse | Hawkbit | 0.3.0 | m1 | Affected |
Eclipse | Hawkbit | 0.3.0 | m2 | Affected |
Eclipse | Hawkbit | 0.3.0 | m3 | Affected |
Eclipse | Hawkbit | 0.3.0 | m4 | Affected |
Eclipse | Hawkbit | 0.3.0 | m5 | Affected |
Eclipse | Hawkbit | 0.3.0 | m6 | Affected |