Vulnerability Details : CVE-2020-13650
An issue was discovered in DigDash 2018R2 before p20200210 and 2019R1 before p20200210. The login page is vulnerable to Server-Side Request Forgery (SSRF) that allows use of the application as a proxy. Sent to an external server, a forged request discloses application credentials. For a request to an internal component, the request is blind, but through the error message it's possible to determine whether the request targeted a open service.
Vulnerability category: Server-side request forgery (SSRF)
Products affected by CVE-2020-13650
- cpe:2.3:a:digdash:digdash:2018r2:-:*:*:*:*:*:*
- cpe:2.3:a:digdash:digdash:2019r1:-:*:*:*:*:*:*
- cpe:2.3:a:digdash:digdash:2019r2:-:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2020-13650
0.14%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 50 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2020-13650
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
10.0
|
2.9
|
NIST | |
|
7.5
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
3.9
|
3.6
|
NIST |
CWE ids for CVE-2020-13650
-
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.Assigned by: nvd@nist.gov (Primary)
References for CVE-2020-13650
-
https://know.bishopfox.com/advisories/digdash-version-2018
DigDash Enterprise: Versions 2018R2-2020R1Third Party Advisory
Jump to