CVE-2020-9300
N/A
N/A
Summary
The Access Control issues include allowing a regular user to view a restricted incident, user role escalation to admin, users adding themselves as a participant in a restricted incident, and users able to view restricted incidents via the search feature. If your install has followed the secure deployment guidelines the risk of this is lowered, as this may only be exploited by an authenticated user.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | Netflix Dispatch | All versions prior to v20201106 | affected |
Weaknesses
- Multiple Multiple Access Control Issues in Dispatch
ADP Enrichment
CVE Program Container
Additional References
- https://github.com/Netflix/security-bulletins/blob/master/advisories/nflx-2020-005.md
- https://github.com/Netflix/dispatch/releases/tag/v20201106
References
- https://github.com/Netflix/security-bulletins/blob/master/advisories/nflx-2020-005.md
- https://github.com/Netflix/dispatch/releases/tag/v20201106
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.