Vulnerability Details : CVE-2020-5289
In Elide before 4.5.14, it is possible for an adversary to "guess and check" the value of a model field they do not have access to assuming they can read at least one other field in the model. The adversary can construct filter expressions for an inaccessible field to filter a collection. The presence or absence of models in the returned collection can be used to reconstruct the value of the inaccessible field. Resolved in Elide 4.5.14 and greater.
Vulnerability category: BypassGain privilege
Products affected by CVE-2020-5289
- cpe:2.3:a:elide:elide:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2020-5289
0.10%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 40 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2020-5289
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.0
|
MEDIUM | AV:N/AC:L/Au:S/C:P/I:N/A:N |
8.0
|
2.9
|
NIST | |
6.5
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
2.8
|
3.6
|
NIST | |
6.8
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N |
2.3
|
4.0
|
GitHub, Inc. |
CWE ids for CVE-2020-5289
-
The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.Assigned by: security-advisories@github.com (Secondary)
-
The product makes files or directories accessible to unauthorized actors, even though they should not be.Assigned by: nvd@nist.gov (Primary)
References for CVE-2020-5289
-
https://github.com/yahoo/elide/pull/1236/commits/a985f0f9c448aabe70bc904337096399de4576dc
Enforce ReadPermission for filter joins by wcekan · Pull Request #1236 · yahoo/elide · GitHubPatch
-
https://github.com/yahoo/elide/security/advisories/GHSA-2mxr-89gf-rc4v
Read permissions not enforced for client provided filter expressions. · Advisory · yahoo/elide · GitHubThird Party Advisory
-
https://github.com/yahoo/elide/pull/1236
Enforce ReadPermission for filter joins by wcekan · Pull Request #1236 · yahoo/elide · GitHubPatch;Third Party Advisory
Jump to