Broker
CVE-2020-7653
MEDIUM
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
1DescriptionNVD
All versions of snyk-broker before 4.80.0 are vulnerable to Arbitrary File Read. It allows arbitrary file reads for users with access to Snyk's internal network by creating symlinks to match whitelisted paths.
AnalysisAI
All versions of snyk-broker before 4.80.0 are vulnerable to Arbitrary File Read. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.
Technical ContextAI
This vulnerability is classified under CWE-59. All versions of snyk-broker before 4.80.0 are vulnerable to Arbitrary File Read. It allows arbitrary file reads for users with access to Snyk's internal network by creating symlinks to match whitelisted paths. Affected products include: Synk Broker. Version information: before 4.80.0.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
All versions of snyk-broker before 4.73.1 are vulnerable to Information Exposure. Rated high severity (CVSS 7.5), this v
All versions of snyk-broker after 4.72.0 including and before 4.73.1 are vulnerable to Arbitrary File Read. Rated medium
All versions of snyk-broker before 4.72.2 are vulnerable to Arbitrary File Read. Rated medium severity (CVSS 6.5), this
All versions of snyk-broker before 4.80.0 are vulnerable to Arbitrary File Read. Rated medium severity (CVSS 6.5), this
All versions of snyk-broker before 4.79.0 are vulnerable to Arbitrary File Read. Rated medium severity (CVSS 4.3), this
Same weakness CWE-59 – Improper Link Resolution Before File Access
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today