CVE-2020-14337

Medium

A data exposure flaw was found in Tower, where sensitive data was revealed from the HTTP return error codes. This flaw allows an…

redhat·CWE-209·Published 2020-07-31

CVSS

5.8

EPSS

0.01

KEV

Exploits

cve.orgen

311 chars

A data exposure flaw was found in Tower, where sensitive data was revealed from the HTTP return error codes. This flaw allows an unauthenticated, remote attacker to retrieve pages from the default organization and verify existing usernames. The highest threat from this vulnerability is to data confidentiality.

NVDen

311 chars

NVDes

367 chars

Se encontró un fallo de exposición de datos en Tower, donde fueron revelados datos confidenciales de los códigos de error de retorno HTTP. Este fallo permite a un atacante no autenticado remoto recuperar páginas de la organización predeterminada y comprobar los nombres de usuario presentes. La mayor amenaza de esta vulnerabilidad es la confidencialidad de los datos

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	5.0	10.0	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N
3.1	Primary	NVD	5.8	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N