** DISPUTED ** In OpenWrt LuCI git-20.x, remote unauthenticated attackers can retrieve the list of installed packages and services. NOTE: the vendor disputes the significance of this report because, for instances reachable by an unauthenticated actor, the same information is available in other (more complex) ways, and there is no plan to restrict the information further.
References
Link | Resource |
---|---|
https://github.com/openwrt/luci/issues/3766 | Exploit Third Party Advisory |
https://github.com/openwrt/luci/issues/3653#issue-567892007 | Exploit Third Party Advisory |
https://github.com/openwrt/luci/issues/3563#issuecomment-578522860 | Patch Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Information
Published : 2020-03-23 13:15
Updated : 2020-03-30 14:32
NVD link : CVE-2020-10871
Mitre link : CVE-2020-10871
JSON object : View
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
Products Affected
openwrt
- luci