CVE-2019-20529
First published: Wed Mar 18 2020(Updated: )
In core/doctype/prepared_report/prepared_report.py in Frappe 11 and 12, data files generated with Prepared Report were being stored as public files (no authentication is required to access; having a link is sufficient) instead of private files.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Frappe Frappe | =11.0.0 | |
| Frappe Frappe | =12.0.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID of this Frappe issue?
The vulnerability ID of this Frappe issue is CVE-2019-20529.
What is the title of this vulnerability?
The title of this vulnerability is 'In core/doctype/prepared_report/prepared_report.py in Frappe 11 and 12 data files generated with Prepared Report were being stored as public files instead of private files'.
What is the severity of CVE-2019-20529?
The severity of CVE-2019-20529 is high with a CVSS score of 7.5.
Which software versions are affected by this vulnerability?
Frappe versions 11.0.0 and 12.0.0 are affected by this vulnerability.
How can I fix this vulnerability?
To fix this vulnerability, apply the patches provided in the following GitHub pull requests: [Link1](https://github.com/frappe/frappe/pull/8884) and [Link2](https://github.com/frappe/frappe/pull/8885).
- collector/nvd-index
- agent/event
- agent/weakness
- agent/severity
- agent/references
- agent/author
- agent/type
- agent/description
- agent/last-modified-date
- agent/tags
- agent/first-publish-date
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- vendor/frappe
- canonical/frappe frappe
- version/frappe frappe/11.0.0
- version/frappe frappe/12.0.0