CVE-2020-36232
CVE-2020-36232
Vexday Risk Score
3Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS —EPSS 1.0%KEV nãoPoC —Nuclei —Metasploit —Patch —
Ciclo de vida
22 feb 2021Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
The MessageBundleWhiteList class of atlassian-gadgets before version 4.2.37, from version 4.3.0 before 4.3.14, from version 4.3.2.0 before 4.3.2.4, from version 4.4.0 before 4.4.12, and from version 5.0.0 before 5.0.1 allowed unexpected DNS lookups and requests to arbitrary services as it incorrectly obtained application base url information from the executing http request which could be attacker controlled.
Productos afectados
Atlassian · Atlassian Gadgets¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →