Skip to main content

Ignition CVE-2020-13909

CRITICAL
2020-06-07 cve@mitre.org
9.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Jun 07, 2020 - 20:15 nvd
CRITICAL 9.8

DescriptionNVD

The Ignition component before 2.0.5 for Laravel mishandles globals, _get, _post, _cookie, and _env. NOTE: in the 1.x series, versions 1.16.15 and later are unaffected as a consequence of the CVE-2021-43996 fix.

AnalysisAI

The Ignition component before 2.0.5 for Laravel mishandles globals, _get, _post, _cookie, and _env. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Technical ContextAI

The Ignition component before 2.0.5 for Laravel mishandles globals, _get, _post, _cookie, and _env. NOTE: in the 1.x series, versions 1.16.15 and later are unaffected as a consequence of the CVE-2021-43996 fix. Affected products include: Facade Ignition. Version information: before 2.0.5.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2021-3129 CRITICAL POC
9.8 Jan 12

Ignition before 2.5.2, as used in Laravel and other products, allows unauthenticated remote attackers to execute arbitra

CVE-2022-35890 CRITICAL POC
9.8 Jul 15

An issue was discovered in Inductive Automation Ignition before 7.9.20 and 8.x before 8.1.17. Rated critical severity (C

CVE-2021-24220 CRITICAL POC
9.1 Apr 12

Thrive “Legacy” Rise by Thrive Themes WordPress theme before 2.0.0, Luxe by Thrive Themes WordPress theme before 2.0.0,

CVE-2022-36126 HIGH POC
7.2 Jul 16

An issue was discovered in Inductive Automation Ignition before 7.9.20 and 8.x before 8.1.17. Rated high severity (CVSS

CVE-2022-1704 CRITICAL
9.8 Aug 05

Due to an XML external entity reference, the software parses XML in the backup/restore functionality without XML securit

CVE-2022-35869 CRITICAL
9.8 Jul 25

This vulnerability allows remote attackers to bypass authentication on affected installations of Inductive Automation Ig

CVE-2021-43996 CRITICAL
9.8 Nov 17

The Ignition component before 1.16.15, and 2.0.x before 2.0.6, for Laravel has a "fix variable names" feature that can l

CVE-2021-24219 MEDIUM POC
5.3 Apr 12

The Thrive Optimize WordPress plugin before 1.4.13.3, Thrive Comments WordPress plugin before 1.4.15.3, Thrive Headline

CVE-2022-1264 HIGH
8.8 Jul 20

The affected product may allow an attacker with access to the Ignition web configuration to run arbitrary code. Rated hi

CVE-2022-35873 HIGH
7.8 Jul 25

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation I

CVE-2022-35872 HIGH
7.8 Jul 25

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation I

CVE-2022-35871 HIGH
7.8 Jul 25

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation I

Share

CVE-2020-13909 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy