First published: Mon Mar 23 2020
** DISPUTED ** In OpenWrt LuCI git-20.x, remote unauthenticated attackers can retrieve the list of installed packages and services. NOTE: the vendor disputes the significance of this report because, for instances reachable by an unauthenticated actor, the same information is available in other (more complex) ways, and there is no plan to restrict the information further.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix
---|---|---
OpenWrt LuCI | =git-20.049.11521-bebfe20 |
OpenWrt LuCI | =git-20.078.22902-0ed0d42 |
CVE-2020-10871 is a vulnerability in OpenWrt LuCI git-20.x that allows remote unauthenticated attackers to retrieve the list of installed packages and services.
CVE-2020-10871 has a severity rating of medium with a severity value of 5.3.
Remote unauthenticated attackers can exploit CVE-2020-10871 to retrieve the list of installed packages and services in OpenWrt LuCI git-20.x.
Currently, there is no available fix for CVE-2020-10871. It is recommended to follow the vendor's updates and security advisories for any patches or mitigations.
More information about CVE-2020-10871 is available in the following references: [link 1](https://github.com/openwrt/luci/issues/3563#issuecomment-578522860), [link 2](https://github.com/openwrt/luci/issues/3653#issue-567892007), [link 3](https://github.com/openwrt/luci/issues/3766).