Broker
CVE-2020-7654
HIGH
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
1DescriptionNVD
All versions of snyk-broker before 4.73.1 are vulnerable to Information Exposure. It logs private keys if logging level is set to DEBUG.
AnalysisAI
All versions of snyk-broker before 4.73.1 are vulnerable to Information Exposure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Technical ContextAI
This vulnerability is classified under CWE-532. All versions of snyk-broker before 4.73.1 are vulnerable to Information Exposure. It logs private keys if logging level is set to DEBUG. Affected products include: Synk Broker. Version information: before 4.73.1.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
All versions of snyk-broker after 4.72.0 including and before 4.73.1 are vulnerable to Arbitrary File Read. Rated medium
All versions of snyk-broker before 4.72.2 are vulnerable to Arbitrary File Read. Rated medium severity (CVSS 6.5), this
All versions of snyk-broker before 4.80.0 are vulnerable to Arbitrary File Read. Rated medium severity (CVSS 6.5), this
All versions of snyk-broker before 4.80.0 are vulnerable to Arbitrary File Read. Rated medium severity (CVSS 6.5), this
All versions of snyk-broker before 4.79.0 are vulnerable to Arbitrary File Read. Rated medium severity (CVSS 4.3), this
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today