Vulnerability Details CVE-2020-5304
The dashboard in WhiteSource Application Vulnerability Management (AVM) before version 20.4.1 allows Log Injection via a %0A%0D substring in the idp parameter to the /saml/login URI. This closes the current log and creates a new log with one line of data. The attacker can also insert malicious data and false entries.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 47.3%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- https://medium.com/%40venkatajayaram.yalla/whitesource-log-injection-vulnerability-cve-2020-5304-e543b7943c2b
- https://www.whitesourcesoftware.com/oss_security_vulnerabilities/
- https://medium.com/%40venkatajayaram.yalla/whitesource-log-injection-vulnerability-cve-2020-5304-e543b7943c2b
- https://www.whitesourcesoftware.com/oss_security_vulnerabilities/
Products affected by CVE-2020-5304
-
cpe:2.3:a:whitesourcesoftware:whitesource:*