First published: Wed Jun 24 2020
An issue was discovered in Navigate CMS 2.9 r1433. Sessions, as well as associated information such as CSRF tokens, are stored in cleartext files in the directory /private/sessions. An unauthenticated user could use a brute-force approach to attempt to identify existing sessions, or view the contents of a session file to discover details about a session.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Naviwebs Navigate CMS | =2.9-r1433 | |
The vulnerability ID for this Navigate CMS issue is CVE-2020-14017.
CVE-2020-14017 has a severity level of 7.5 (high).
CVE-2020-14017 affects Navigate CMS version 2.9-r1433.
An unauthenticated user could potentially use a brute-force approach to identify existing sessions or view the contents of a session file.
At this time, it is recommended to apply the latest security patches or updates provided by the vendor to mitigate CVE-2020-14017.