CVE-2020-14017: CSRF
First published: Wed Jun 24 2020(Updated: )
An issue was discovered in Navigate CMS 2.9 r1433. Sessions, as well as associated information such as CSRF tokens, are stored in cleartext files in the directory /private/sessions. An unauthenticated user could use a brute-force approach to attempt to identify existing sessions, or view the contents of this file to discover details about a session.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Naviwebs Navigate CMS | =2.9-r1433 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this Navigate CMS issue?
The vulnerability ID for this Navigate CMS issue is CVE-2020-14017.
What is the severity of CVE-2020-14017?
CVE-2020-14017 has a severity level of 7.5 (high).
What software version is affected by CVE-2020-14017?
CVE-2020-14017 affects Navigate CMS version 2.9-r1433.
How can an unauthenticated user exploit CVE-2020-14017?
An unauthenticated user could potentially use a brute-force approach to identify existing sessions or view the content.
Is there a fix available for CVE-2020-14017?
At this time, it is recommended to apply the latest security patches or updates provided by the vendor to mitigate CVE-2020-14017.
- collector/nvd-index
- agent/weakness
- agent/references
- agent/author
- agent/severity
- agent/type
- agent/tags
- agent/event
- agent/description
- agent/softwarecombine
- agent/first-publish-date
- vendor/naviwebs
- canonical/naviwebs navigate cms
- version/naviwebs navigate cms/2.9-r1433