Vulnerability Details CVE-2020-4039
SUSI.AI is an intelligent Open Source personal assistant. SUSI.AI Server before version d27ed0f has a directory traversal vulnerability due to insufficient input validation. Any admin config and file readable by the app can be retrieved by the attacker. Furthermore, some files can also be moved or deleted.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.008
EPSS Ranking 72.5%
CVSS Severity
CVSS v3 Score 8.6
CVSS v2 Score 6.4
References