CVE-2020-10871
N/A
N/A
Summary
In OpenWrt LuCI git-20.x, remote unauthenticated attackers can retrieve the list of installed packages and services. NOTE: the vendor disputes the significance of this report because, for instances reachable by an unauthenticated actor, the same information is available in other (more complex) ways, and there is no plan to restrict the information further
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://github.com/openwrt/luci/issues/3563#issuecomment-578522860
- https://github.com/openwrt/luci/issues/3653#issue-567892007
- https://github.com/openwrt/luci/issues/3766
References
- https://github.com/openwrt/luci/issues/3563#issuecomment-578522860
- https://github.com/openwrt/luci/issues/3653#issue-567892007
- https://github.com/openwrt/luci/issues/3766
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.