Search criteria
6 vulnerabilities by synk
CVE-2020-7650 (GCVE-0-2020-7650)
Vulnerability from cvelistv5 – Published: 2020-05-29 21:11 – Updated: 2024-08-04 09:33
VLAI
Summary
All versions of snyk-broker after 4.72.0 including and before 4.73.1 are vulnerable to Arbitrary File Read. It allows arbitrary file reads to users with access to Snyk's internal network of any files ending in the following extensions: yaml, yml or json.
Severity
No CVSS data available.
CWE
- Arbitrary File Read
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://updates.snyk.io/snyk-broker-security-fixe… | x_refsource_MISC |
| https://snyk.io/vuln/SNYK-JS-SNYKBROKER-570609 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | snyk-broker |
Affected:
All versions after 4.72.0 including and before 4.73.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:33:19.992Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://updates.snyk.io/snyk-broker-security-fixes-152338"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://snyk.io/vuln/SNYK-JS-SNYKBROKER-570609"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "snyk-broker",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All versions after 4.72.0 including and before 4.73.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "All versions of snyk-broker after 4.72.0 including and before 4.73.1 are vulnerable to Arbitrary File Read. It allows arbitrary file reads to users with access to Snyk\u0027s internal network of any files ending in the following extensions: yaml, yml or json."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Arbitrary File Read",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-29T21:11:39.000Z",
"orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"shortName": "snyk"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://updates.snyk.io/snyk-broker-security-fixes-152338"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://snyk.io/vuln/SNYK-JS-SNYKBROKER-570609"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "report@snyk.io",
"ID": "CVE-2020-7650",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "snyk-broker",
"version": {
"version_data": [
{
"version_value": "All versions after 4.72.0 including and before 4.73.1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "All versions of snyk-broker after 4.72.0 including and before 4.73.1 are vulnerable to Arbitrary File Read. It allows arbitrary file reads to users with access to Snyk\u0027s internal network of any files ending in the following extensions: yaml, yml or json."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Arbitrary File Read"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://updates.snyk.io/snyk-broker-security-fixes-152338",
"refsource": "MISC",
"url": "https://updates.snyk.io/snyk-broker-security-fixes-152338"
},
{
"name": "https://snyk.io/vuln/SNYK-JS-SNYKBROKER-570609",
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-JS-SNYKBROKER-570609"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"assignerShortName": "snyk",
"cveId": "CVE-2020-7650",
"datePublished": "2020-05-29T21:11:39.000Z",
"dateReserved": "2020-01-21T00:00:00.000Z",
"dateUpdated": "2024-08-04T09:33:19.992Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-7654 (GCVE-0-2020-7654)
Vulnerability from cvelistv5 – Published: 2020-05-29 21:09 – Updated: 2024-08-04 09:33
VLAI
Summary
All versions of snyk-broker before 4.73.1 are vulnerable to Information Exposure. It logs private keys if logging level is set to DEBUG.
Severity
No CVSS data available.
CWE
- Information Exposure
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://updates.snyk.io/snyk-broker-security-fixe… | x_refsource_MISC |
| https://snyk.io/vuln/SNYK-JS-SNYKBROKER-570613 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | snyk-broker |
Affected:
All versions before 4.73.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:33:20.023Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://updates.snyk.io/snyk-broker-security-fixes-152338"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://snyk.io/vuln/SNYK-JS-SNYKBROKER-570613"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "snyk-broker",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All versions before 4.73.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "All versions of snyk-broker before 4.73.1 are vulnerable to Information Exposure. It logs private keys if logging level is set to DEBUG."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Exposure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-29T21:09:15.000Z",
"orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"shortName": "snyk"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://updates.snyk.io/snyk-broker-security-fixes-152338"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://snyk.io/vuln/SNYK-JS-SNYKBROKER-570613"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "report@snyk.io",
"ID": "CVE-2020-7654",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "snyk-broker",
"version": {
"version_data": [
{
"version_value": "All versions before 4.73.1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "All versions of snyk-broker before 4.73.1 are vulnerable to Information Exposure. It logs private keys if logging level is set to DEBUG."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Exposure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://updates.snyk.io/snyk-broker-security-fixes-152338",
"refsource": "MISC",
"url": "https://updates.snyk.io/snyk-broker-security-fixes-152338"
},
{
"name": "https://snyk.io/vuln/SNYK-JS-SNYKBROKER-570613",
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-JS-SNYKBROKER-570613"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"assignerShortName": "snyk",
"cveId": "CVE-2020-7654",
"datePublished": "2020-05-29T21:09:15.000Z",
"dateReserved": "2020-01-21T00:00:00.000Z",
"dateUpdated": "2024-08-04T09:33:20.023Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-7648 (GCVE-0-2020-7648)
Vulnerability from cvelistv5 – Published: 2020-05-29 21:06 – Updated: 2024-08-04 09:33
VLAI
Summary
All versions of snyk-broker before 4.72.2 are vulnerable to Arbitrary File Read. It allows arbitrary file reads for users who have access to Snyk's internal network by appending the URL with a fragment identifier and a whitelisted path e.g. `#package.json`
Severity
No CVSS data available.
CWE
- Arbitrary File Read
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://updates.snyk.io/snyk-broker-security-fixe… | x_refsource_MISC |
| https://snyk.io/vuln/SNYK-JS-SNYKBROKER-570607 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | snyk-broker |
Affected:
All versions before 4.72.2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:33:19.989Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://updates.snyk.io/snyk-broker-security-fixes-152338"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://snyk.io/vuln/SNYK-JS-SNYKBROKER-570607"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "snyk-broker",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All versions before 4.72.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "All versions of snyk-broker before 4.72.2 are vulnerable to Arbitrary File Read. It allows arbitrary file reads for users who have access to Snyk\u0027s internal network by appending the URL with a fragment identifier and a whitelisted path e.g. `#package.json`"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Arbitrary File Read",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-29T21:06:49.000Z",
"orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"shortName": "snyk"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://updates.snyk.io/snyk-broker-security-fixes-152338"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://snyk.io/vuln/SNYK-JS-SNYKBROKER-570607"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "report@snyk.io",
"ID": "CVE-2020-7648",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "snyk-broker",
"version": {
"version_data": [
{
"version_value": "All versions before 4.72.2"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "All versions of snyk-broker before 4.72.2 are vulnerable to Arbitrary File Read. It allows arbitrary file reads for users who have access to Snyk\u0027s internal network by appending the URL with a fragment identifier and a whitelisted path e.g. `#package.json`"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Arbitrary File Read"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://updates.snyk.io/snyk-broker-security-fixes-152338",
"refsource": "MISC",
"url": "https://updates.snyk.io/snyk-broker-security-fixes-152338"
},
{
"name": "https://snyk.io/vuln/SNYK-JS-SNYKBROKER-570607",
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-JS-SNYKBROKER-570607"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"assignerShortName": "snyk",
"cveId": "CVE-2020-7648",
"datePublished": "2020-05-29T21:06:49.000Z",
"dateReserved": "2020-01-21T00:00:00.000Z",
"dateUpdated": "2024-08-04T09:33:19.989Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-7651 (GCVE-0-2020-7651)
Vulnerability from cvelistv5 – Published: 2020-05-29 20:53 – Updated: 2024-08-04 09:33
VLAI
Summary
All versions of snyk-broker before 4.79.0 are vulnerable to Arbitrary File Read. It allows partial file reads for users who have access to Snyk's internal network via patch history from GitHub Commits API.
Severity
No CVSS data available.
CWE
- Arbitrary File Read
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://updates.snyk.io/snyk-broker-security-fixe… | x_refsource_MISC |
| https://snyk.io/vuln/SNYK-JS-SNYKBROKER-570610 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | snyk-broker |
Affected:
all versions before 4.79.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:33:19.959Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://updates.snyk.io/snyk-broker-security-fixes-152338"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://snyk.io/vuln/SNYK-JS-SNYKBROKER-570610"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "snyk-broker",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "all versions before 4.79.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "All versions of snyk-broker before 4.79.0 are vulnerable to Arbitrary File Read. It allows partial file reads for users who have access to Snyk\u0027s internal network via patch history from GitHub Commits API."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Arbitrary File Read",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-29T20:53:29.000Z",
"orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"shortName": "snyk"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://updates.snyk.io/snyk-broker-security-fixes-152338"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://snyk.io/vuln/SNYK-JS-SNYKBROKER-570610"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "report@snyk.io",
"ID": "CVE-2020-7651",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "snyk-broker",
"version": {
"version_data": [
{
"version_value": "all versions before 4.79.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "All versions of snyk-broker before 4.79.0 are vulnerable to Arbitrary File Read. It allows partial file reads for users who have access to Snyk\u0027s internal network via patch history from GitHub Commits API."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Arbitrary File Read"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://updates.snyk.io/snyk-broker-security-fixes-152338",
"refsource": "MISC",
"url": "https://updates.snyk.io/snyk-broker-security-fixes-152338"
},
{
"name": "https://snyk.io/vuln/SNYK-JS-SNYKBROKER-570610",
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-JS-SNYKBROKER-570610"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"assignerShortName": "snyk",
"cveId": "CVE-2020-7651",
"datePublished": "2020-05-29T20:53:29.000Z",
"dateReserved": "2020-01-21T00:00:00.000Z",
"dateUpdated": "2024-08-04T09:33:19.959Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-7652 (GCVE-0-2020-7652)
Vulnerability from cvelistv5 – Published: 2020-05-29 20:46 – Updated: 2024-08-04 09:33
VLAI
Summary
All versions of snyk-broker before 4.80.0 are vulnerable to Arbitrary File Read. It allows arbitrary file reads for users with access to Snyk's internal network via directory traversal.
Severity
No CVSS data available.
CWE
- Arbitrary File Read
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://updates.snyk.io/snyk-broker-security-fixe… | x_refsource_MISC |
| https://snyk.io/vuln/SNYK-JS-SNYKBROKER-570611 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | snyk-broker |
Affected:
All versions before 4.80.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:33:19.957Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://updates.snyk.io/snyk-broker-security-fixes-152338"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://snyk.io/vuln/SNYK-JS-SNYKBROKER-570611"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "snyk-broker",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All versions before 4.80.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "All versions of snyk-broker before 4.80.0 are vulnerable to Arbitrary File Read. It allows arbitrary file reads for users with access to Snyk\u0027s internal network via directory traversal."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Arbitrary File Read",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-29T20:59:42.000Z",
"orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"shortName": "snyk"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://updates.snyk.io/snyk-broker-security-fixes-152338"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://snyk.io/vuln/SNYK-JS-SNYKBROKER-570611"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "report@snyk.io",
"ID": "CVE-2020-7652",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "snyk-broker",
"version": {
"version_data": [
{
"version_value": "All versions before 4.80.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "All versions of snyk-broker before 4.80.0 are vulnerable to Arbitrary File Read. It allows arbitrary file reads for users with access to Snyk\u0027s internal network via directory traversal."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Arbitrary File Read"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://updates.snyk.io/snyk-broker-security-fixes-152338",
"refsource": "MISC",
"url": "https://updates.snyk.io/snyk-broker-security-fixes-152338"
},
{
"name": "https://snyk.io/vuln/SNYK-JS-SNYKBROKER-570611",
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-JS-SNYKBROKER-570611"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"assignerShortName": "snyk",
"cveId": "CVE-2020-7652",
"datePublished": "2020-05-29T20:46:35.000Z",
"dateReserved": "2020-01-21T00:00:00.000Z",
"dateUpdated": "2024-08-04T09:33:19.957Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-7653 (GCVE-0-2020-7653)
Vulnerability from cvelistv5 – Published: 2020-05-29 20:40 – Updated: 2024-08-04 09:33
VLAI
Summary
All versions of snyk-broker before 4.80.0 are vulnerable to Arbitrary File Read. It allows arbitrary file reads for users with access to Snyk's internal network by creating symlinks to match whitelisted paths.
Severity
No CVSS data available.
CWE
- Arbitrary File Read
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://snyk.io/vuln/SNYK-JS-SNYKBROKER-570612 | x_refsource_MISC |
| https://updates.snyk.io/snyk-broker-security-fixe… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | snyk-broker |
Affected:
All versions before 4.80.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:33:19.963Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://snyk.io/vuln/SNYK-JS-SNYKBROKER-570612"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://updates.snyk.io/snyk-broker-security-fixes-152338"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "snyk-broker",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All versions before 4.80.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "All versions of snyk-broker before 4.80.0 are vulnerable to Arbitrary File Read. It allows arbitrary file reads for users with access to Snyk\u0027s internal network by creating symlinks to match whitelisted paths."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Arbitrary File Read",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-29T20:40:22.000Z",
"orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"shortName": "snyk"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://snyk.io/vuln/SNYK-JS-SNYKBROKER-570612"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://updates.snyk.io/snyk-broker-security-fixes-152338"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "report@snyk.io",
"ID": "CVE-2020-7653",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "snyk-broker",
"version": {
"version_data": [
{
"version_value": "All versions before 4.80.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "All versions of snyk-broker before 4.80.0 are vulnerable to Arbitrary File Read. It allows arbitrary file reads for users with access to Snyk\u0027s internal network by creating symlinks to match whitelisted paths."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Arbitrary File Read"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://snyk.io/vuln/SNYK-JS-SNYKBROKER-570612",
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-JS-SNYKBROKER-570612"
},
{
"name": "https://updates.snyk.io/snyk-broker-security-fixes-152338",
"refsource": "MISC",
"url": "https://updates.snyk.io/snyk-broker-security-fixes-152338"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"assignerShortName": "snyk",
"cveId": "CVE-2020-7653",
"datePublished": "2020-05-29T20:40:22.000Z",
"dateReserved": "2020-01-21T00:00:00.000Z",
"dateUpdated": "2024-08-04T09:33:19.963Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}