CVE-2020-10871

** DISPUTED ** In OpenWrt LuCI git-20.x, remote unauthenticated attackers can retrieve the list of installed packages and services. NOTE: the vendor disputes the significance of this report because, for instances reachable by an unauthenticated actor, the same information is available in other (more complex) ways, and there is no plan to restrict the information further.
References
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:openwrt:luci:git-20.049.11521-bebfe20:*:*:*:*:*:*:*
cpe:2.3:a:openwrt:luci:git-20.078.22902-0ed0d42:*:*:*:*:*:*:*

Information

Published : 2020-03-23 13:15

Updated : 2020-03-30 14:32


NVD link : CVE-2020-10871

Mitre link : CVE-2020-10871


JSON object : View

CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

Advertisement

dedicated server usa

Products Affected

openwrt

  • luci