Skip to main content

Devspace

1 CVEs product

Monthly

CVE-2020-15391 Go CRITICAL PATCH Act Now

The UI in DevSpace 4.13.0 allows web sites to execute actions on pods (on behalf of a victim) because of a lack of authentication for the WebSocket protocol. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

RCE Authentication Bypass Devspace
NVD GitHub
CVSS 3.1
9.8
EPSS
2.7%
EPSS 3% CVSS 9.8
CRITICAL PATCH Act Now

The UI in DevSpace 4.13.0 allows web sites to execute actions on pods (on behalf of a victim) because of a lack of authentication for the WebSocket protocol. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

RCE Authentication Bypass Devspace
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy