CVE-2020-10807

Medium

auth_svc in Caldera before 2.6.5 allows authentication bypass (for REST API requests) via a forged "localhost" string in the HTTP Host…

mitre·CWE-290·Published 2020-03-22

CVSS

5.3

EPSS

0.01

KEV

Exploits

cve.orgen

142 chars

auth_svc in Caldera before 2.6.5 allows authentication bypass (for REST API requests) via a forged "localhost" string in the HTTP Host header.

NVDen

142 chars

auth_svc in Caldera before 2.6.5 allows authentication bypass (for REST API requests) via a forged "localhost" string in the HTTP Host header.

auth_svc en Caldera versiones anteriores a 2.6.5, permite la omisión de autenticación (para peticiones de la API REST) ??por medio de una cadena "localhost" falsificada en el encabezado HTTP Host.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	5.0	10.0	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N
3.1	Primary	NVD	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N