CVE-2020-9300

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2020-9300

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-9300.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2020-9300

Published

2020-11-09T15:15:13.757Z

Modified

2025-11-14T11:10:22.317900Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

The Access Control issues include allowing a regular user to view a restricted incident, user role escalation to admin, users adding themselves as a participant in a restricted incident, and users able to view restricted incidents via the search feature. If your install has followed the secure deployment guidelines the risk of this is lowered, as this may only be exploited by an authenticated user.

References

Affected packages

Git / github.com/netflix/dispatch

Affected ranges

Type: GIT
Repo: https://github.com/netflix/dispatch
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

3f6d5b74c166456e26c809b134357f0ecc265a76

Affected versions

Other

fix-test-vars

v20200421

v20200922

v20201001

v20201013

v20201027

v20200922.*

v20200922.1

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-9300.json"