Enhancement: cves/2020/CVE-2020-5775.yaml by md

2023-04-04 15:45:42 -04:00 · 2023-04-04 15:45:42 -04:00 · 02d5accefa
parent 71abdddb5f
commit 02d5accefa
1 changed files with 5 additions and 3 deletions
--- a/cves/2020/CVE-2020-5775.yaml
+++ b/cves/2020/CVE-2020-5775.yaml
@ -1,13 +1,13 @@
 id: CVE-2020-5775

 info:
-  name: Canvas LMS Unauthenticated Blind SSRF
+  name: Canvas 2020-07-29 - Blind Server-Side Request Forgery
  author: alph4byt3
  severity: medium
-  description: Server-Side Request Forgery in Canvas LMS 2020-07-29 allows a remote, unauthenticated attacker to cause the Canvas application to perform HTTP GET requests to arbitrary domains.
+  description: Canvas 2020-07-29 is susceptible to blind server-side request forgery. An attacker can cause Canvas to perform HTTP GET requests to arbitrary domains and thus potentially access sensitive information, modify data, and/or execute unauthorized operations.
  reference:
-    - https://nvd.nist.gov/vuln/detail/CVE-2020-5775
    - https://www.tenable.com/security/research/tra-2020-49
+    - https://nvd.nist.gov/vuln/detail/CVE-2020-5775
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
    cvss-score: 5.8
@ -25,3 +25,5 @@ requests:
        part: interactsh_protocol # Confirms the HTTP Interaction
        words:
          - "http"
+
+# Enhanced by md on 2023/04/04