Enhancement: cves/2020/CVE-2020-5775.yaml by md

patch-1
MostInterestingBotInTheWorld 2023-04-04 15:45:42 -04:00
parent 71abdddb5f
commit 02d5accefa
1 changed files with 5 additions and 3 deletions

View File

@ -1,13 +1,13 @@
id: CVE-2020-5775 id: CVE-2020-5775
info: info:
name: Canvas LMS Unauthenticated Blind SSRF name: Canvas 2020-07-29 - Blind Server-Side Request Forgery
author: alph4byt3 author: alph4byt3
severity: medium severity: medium
description: Server-Side Request Forgery in Canvas LMS 2020-07-29 allows a remote, unauthenticated attacker to cause the Canvas application to perform HTTP GET requests to arbitrary domains. description: Canvas 2020-07-29 is susceptible to blind server-side request forgery. An attacker can cause Canvas to perform HTTP GET requests to arbitrary domains and thus potentially access sensitive information, modify data, and/or execute unauthorized operations.
reference: reference:
- https://nvd.nist.gov/vuln/detail/CVE-2020-5775
- https://www.tenable.com/security/research/tra-2020-49 - https://www.tenable.com/security/research/tra-2020-49
- https://nvd.nist.gov/vuln/detail/CVE-2020-5775
classification: classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
cvss-score: 5.8 cvss-score: 5.8
@ -25,3 +25,5 @@ requests:
part: interactsh_protocol # Confirms the HTTP Interaction part: interactsh_protocol # Confirms the HTTP Interaction
words: words:
- "http" - "http"
# Enhanced by md on 2023/04/04