
6 vulnerabilities found for WebThings Gateway by Mozilla

VAR-202002-1212

Vulnerability from variot - Updated: 2024-11-23 23:11

A reflected XSS vulnerability exists within the gateway, allowing an attacker to craft a specialized URL which could steal the user's authentication token. When combined with CVE-2020-6803, an attacker could fully compromise the system. The gateway contains a cross-site scripting vulnerability. Information may be obtained and tampered with. The vulnerability stems from the lack of correct validation of client-supplied data in web applications. An attacker could exploit this vulnerability to execute client-side code.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202002-1212",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "webthings gateway",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "mozilla",
        "version": "0.3.0"
      },
      {
        "model": "webthings gateway",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "mozilla",
        "version": "0.12.0"
      },
      {
        "model": "webthings gateway",
        "scope": null,
        "trust": 0.8,
        "vendor": "mozilla",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-002315"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-6804"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:mozilla:webthings_gateway",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-002315"
      }
    ]
  },
  "cve": "CVE-2020-6804",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "CVE-2020-6804",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.0,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 4.3,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "JVNDB-2020-002315",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "VHN-184929",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 2.8,
            "id": "CVE-2020-6804",
            "impactScore": 2.7,
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "security@mozilla.org",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "id": "CVE-2020-6804",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 6.1,
            "baseSeverity": "Medium",
            "confidentialityImpact": "Low",
            "exploitabilityScore": null,
            "id": "JVNDB-2020-002315",
            "impactScore": null,
            "integrityImpact": "Low",
            "privilegesRequired": "None",
            "scope": "Changed",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2020-6804",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "security@mozilla.org",
            "id": "CVE-2020-6804",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "JVNDB-2020-002315",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202002-1322",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-184929",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-184929"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-002315"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202002-1322"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-6804"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-6804"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A reflected XSS vulnerability exists within the gateway, allowing an attacker to craft a specialized URL which could steal the user\u0027s authentication token. When combined with CVE-2020-6803, an attacker could fully compromise the system. gateway Exists in a cross-site scripting vulnerability.Information may be obtained and tampered with. The vulnerability stems from the lack of correct validation of client data in WEB applications. An attacker could exploit this vulnerability to execute client code",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-6804"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-002315"
      },
      {
        "db": "VULHUB",
        "id": "VHN-184929"
      }
    ],
    "trust": 1.71
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2020-6804",
        "trust": 2.5
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-002315",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202002-1322",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-184929",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-184929"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-002315"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202002-1322"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-6804"
      }
    ]
  },
  "id": "VAR-202002-1212",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-184929"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T23:11:33.693000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Always redirect to / after login. #2446",
        "trust": 0.8,
        "url": "https://github.com/mozilla-iot/gateway/pull/2446"
      },
      {
        "title": "WebThings Gateway Fixes for cross-site scripting vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=111095"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-002315"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202002-1322"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-79",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-184929"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-002315"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-6804"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "https://github.com/mozilla-iot/gateway/pull/2446"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-6804"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-6804"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-184929"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-002315"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202002-1322"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-6804"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-184929"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-002315"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202002-1322"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-6804"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-02-28T00:00:00",
        "db": "VULHUB",
        "id": "VHN-184929"
      },
      {
        "date": "2020-03-11T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-002315"
      },
      {
        "date": "2020-02-28T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202002-1322"
      },
      {
        "date": "2020-02-28T23:15:11.543000",
        "db": "NVD",
        "id": "CVE-2020-6804"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-03-03T00:00:00",
        "db": "VULHUB",
        "id": "VHN-184929"
      },
      {
        "date": "2020-03-11T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-002315"
      },
      {
        "date": "2021-01-05T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202002-1322"
      },
      {
        "date": "2024-11-21T05:36:12.783000",
        "db": "NVD",
        "id": "CVE-2020-6804"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202002-1322"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "gateway Cross-site scripting vulnerability in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-002315"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "XSS",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202002-1322"
      }
    ],
    "trust": 0.6
  }
}

VAR-202002-1211

Vulnerability from variot - Updated: 2024-11-23 21:51

An open redirect is present on the gateway's login page, which could cause a user to be redirected to a malicious site after logging in. The gateway contains an open redirect vulnerability. Information may be obtained and tampered with. WebThings Gateway is an IoT gateway from the Mozilla Foundation in the United States. The login page in WebThings Gateway has an input validation error vulnerability. The vulnerability stems from a network system or product that did not properly validate the input data.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202002-1211",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "webthings gateway",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "mozilla",
        "version": "2020-02-26"
      },
      {
        "model": "webthings gateway",
        "scope": null,
        "trust": 0.8,
        "vendor": "mozilla",
        "version": null
      },
      {
        "model": "webthings gateway",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "mozilla",
        "version": "0.2.0"
      },
      {
        "model": "webthings gateway",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "mozilla",
        "version": "0.3.0"
      },
      {
        "model": "webthings gateway",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "mozilla",
        "version": "0.2.2"
      },
      {
        "model": "webthings gateway",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "mozilla",
        "version": "0.3.1"
      },
      {
        "model": "webthings gateway",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "mozilla",
        "version": "0.5.1"
      },
      {
        "model": "webthings gateway",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "mozilla",
        "version": "0.4.1"
      },
      {
        "model": "webthings gateway",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "mozilla",
        "version": "0.2.1"
      },
      {
        "model": "webthings gateway",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "mozilla",
        "version": "0.4.0"
      },
      {
        "model": "webthings gateway",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "mozilla",
        "version": "0.1.0"
      },
      {
        "model": "webthings gateway",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "mozilla",
        "version": "0.5.0"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-002382"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202002-1321"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-6803"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:mozilla:webthings_gateway",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-002382"
      }
    ]
  },
  "cve": "CVE-2020-6803",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 5.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CVE-2020-6803",
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.0,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.8,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "JVNDB-2020-002382",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 5.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "VHN-184928",
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 2.8,
            "id": "CVE-2020-6803",
            "impactScore": 2.7,
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "security@mozilla.org",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 2.8,
            "id": "CVE-2020-6803",
            "impactScore": 2.5,
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 6.1,
            "baseSeverity": "Medium",
            "confidentialityImpact": "Low",
            "exploitabilityScore": null,
            "id": "JVNDB-2020-002382",
            "impactScore": null,
            "integrityImpact": "Low",
            "privilegesRequired": "None",
            "scope": "Changed",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2020-6803",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "security@mozilla.org",
            "id": "CVE-2020-6803",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "JVNDB-2020-002382",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202002-1321",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-184928",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-184928"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-002382"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202002-1321"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-6803"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-6803"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "An open redirect is present on the gateway\u0027s login page, which could cause a user to be redirected to a malicious site after logging in. gateway Exists in an open redirect vulnerability.Information may be obtained and tampered with. WebThings Gateway is an IoT gateway from the Mozilla Foundation in the United States. \nThe login page in WebThings Gateway has an input validation error vulnerability. The vulnerability stems from a network system or product that did not properly validate the input data",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-6803"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-002382"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202002-1321"
      },
      {
        "db": "VULHUB",
        "id": "VHN-184928"
      }
    ],
    "trust": 2.25
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2020-6803",
        "trust": 2.5
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-002382",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202002-1321",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-184928",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-184928"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-002382"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202002-1321"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-6803"
      }
    ]
  },
  "id": "VAR-202002-1211",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-184928"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T21:51:38.972000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Always redirect to / after login. #2446",
        "trust": 0.8,
        "url": "https://github.com/mozilla-iot/gateway/pull/2446"
      },
      {
        "title": "WebThings Gateway Enter the fix for the verification error vulnerability",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=110932"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-002382"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202002-1321"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-601",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-184928"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-002382"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-6803"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "https://github.com/mozilla-iot/gateway/pull/2446"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-6803"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-6803"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-184928"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-002382"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202002-1321"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-6803"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-184928"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-002382"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202002-1321"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-6803"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-02-28T00:00:00",
        "db": "VULHUB",
        "id": "VHN-184928"
      },
      {
        "date": "2020-03-13T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-002382"
      },
      {
        "date": "2020-02-28T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202002-1321"
      },
      {
        "date": "2020-02-28T23:15:11.447000",
        "db": "NVD",
        "id": "CVE-2020-6803"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-03-04T00:00:00",
        "db": "VULHUB",
        "id": "VHN-184928"
      },
      {
        "date": "2020-03-13T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-002382"
      },
      {
        "date": "2020-03-09T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202002-1321"
      },
      {
        "date": "2024-11-21T05:36:12.680000",
        "db": "NVD",
        "id": "CVE-2020-6803"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202002-1321"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "gateway Open redirect vulnerability in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-002382"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "input validation error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202002-1321"
      }
    ],
    "trust": 0.6
  }
}

CVE-2020-6804 (GCVE-0-2020-6804)

Vulnerability from nvd – Published: 2020-02-28 22:38 – Updated: 2024-08-04 09:11
Title
XSS in Mozilla WebThings Gateway
Summary
A reflected XSS vulnerability exists within the gateway, allowing an attacker to craft a specialized URL which could steal the user's authentication token. When combined with CVE-2020-6803, an attacker could fully compromise the system.
CWE
  • CWE-79 - Cross-site Scripting (XSS)
Assigner
References
Impacted products
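Vendor Product Version
Mozilla WebThings Gateway Affected: 0.3.0 , < 0.3.0* (custom)
Affected: 0.12.0 , < 0.12.0 (custom)
Read together with the record's legacy version data below (>= 0.3.0 and < 0.12.0), the affected range is 0.3.0 up to, but not including, 0.12.0.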
Credits
Panagiotis

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T09:11:05.124Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/mozilla-iot/gateway/pull/2446"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "WebThings Gateway",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "0.3.0*",
              "status": "affected",
              "version": "0.3.0",
              "versionType": "custom"
            },
            {
              "lessThan": "0.12.0",
              "status": "affected",
              "version": "0.12.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Panagiotis"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A reflected XSS vulnerability exists within the gateway, allowing an attacker to craft a specialized URL which could steal the user\u0027s authentication token. When combined with CVE-2020-6803, an attacker could fully compromise the system."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79 Cross-site Scripting (XSS)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-02-28T22:38:38.000Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/mozilla-iot/gateway/pull/2446"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "https://github.com/mozilla-iot/gateway/pull/2446"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "XSS in Mozilla WebThings Gateway",
      "workarounds": [
        {
          "lang": "en",
          "value": "* Never share your gateway address publicly.\n* Never click on links which take you to your gateway, especially to the login page."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@mozilla.org",
          "ID": "CVE-2020-6804",
          "STATE": "PUBLIC",
          "TITLE": "XSS in Mozilla WebThings Gateway"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "WebThings Gateway",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003e=",
                            "version_name": "0.3.0",
                            "version_value": "0.3.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "0.12.0",
                            "version_value": "0.12.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Mozilla"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Panagiotis"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A reflected XSS vulnerability exists within the gateway, allowing an attacker to craft a specialized URL which could steal the user\u0027s authentication token. When combined with CVE-2020-6803, an attacker could fully compromise the system."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-79 Cross-site Scripting (XSS)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/mozilla-iot/gateway/pull/2446",
              "refsource": "MISC",
              "url": "https://github.com/mozilla-iot/gateway/pull/2446"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "https://github.com/mozilla-iot/gateway/pull/2446"
          }
        ],
        "source": {
          "discovery": "EXTERNAL"
        },
        "work_around": [
          {
            "lang": "en",
            "value": "* Never share your gateway address publicly.\n* Never click on links which take you to your gateway, especially to the login page."
          }
        ]
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2020-6804",
    "datePublished": "2020-02-28T22:38:38.000Z",
    "dateReserved": "2020-01-10T00:00:00.000Z",
    "dateUpdated": "2024-08-04T09:11:05.124Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-6803 (GCVE-0-2020-6803)

Vulnerability from nvd – Published: 2020-02-28 22:34 – Updated: 2024-08-04 09:11
Title
Open redirect in Mozilla WebThings Gateway
Summary
An open redirect is present on the gateway's login page, which could cause a user to be redirected to a malicious site after logging in.
CWE
  • CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
Assigner
References
Impacted products
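Vendor Product Version
Mozilla WebThings Gateway Affected: 0.3.0 , < 0.3.0* (custom)
Affected: 0.12.0 , < 0.12.0 (custom)
Read together with the record's legacy version data below (>= 0.3.0 and < 0.12.0), the affected range is 0.3.0 up to, but not including, 0.12.0.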
Credits
Panagiotis

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T09:11:05.086Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/mozilla-iot/gateway/pull/2446"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "WebThings Gateway",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "0.3.0*",
              "status": "affected",
              "version": "0.3.0",
              "versionType": "custom"
            },
            {
              "lessThan": "0.12.0",
              "status": "affected",
              "version": "0.12.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Panagiotis"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An open redirect is present on the gateway\u0027s login page, which could cause a user to be redirected to a malicious site after logging in."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-601",
              "description": "CWE-601 URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-02-28T22:34:00.000Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/mozilla-iot/gateway/pull/2446"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "https://github.com/mozilla-iot/gateway/pull/2446"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Open redirect in Mozilla WebThings Gateway",
      "workarounds": [
        {
          "lang": "en",
          "value": "* Never share your gateway address publicly.\n* Never click on links which take you to your gateway, especially to the login page."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@mozilla.org",
          "ID": "CVE-2020-6803",
          "STATE": "PUBLIC",
          "TITLE": "Open redirect in Mozilla WebThings Gateway"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "WebThings Gateway",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003e=",
                            "version_name": "0.3.0",
                            "version_value": "0.3.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "0.12.0",
                            "version_value": "0.12.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Mozilla"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Panagiotis"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An open redirect is present on the gateway\u0027s login page, which could cause a user to be redirected to a malicious site after logging in."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-601 URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/mozilla-iot/gateway/pull/2446",
              "refsource": "MISC",
              "url": "https://github.com/mozilla-iot/gateway/pull/2446"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "https://github.com/mozilla-iot/gateway/pull/2446"
          }
        ],
        "source": {
          "discovery": "EXTERNAL"
        },
        "work_around": [
          {
            "lang": "en",
            "value": "* Never share your gateway address publicly.\n* Never click on links which take you to your gateway, especially to the login page."
          }
        ]
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2020-6803",
    "datePublished": "2020-02-28T22:34:00.000Z",
    "dateReserved": "2020-01-10T00:00:00.000Z",
    "dateUpdated": "2024-08-04T09:11:05.086Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-6804 (GCVE-0-2020-6804)

Vulnerability from cvelistv5 – Published: 2020-02-28 22:38 – Updated: 2024-08-04 09:11
Title
XSS in Mozilla WebThings Gateway
Summary
A reflected XSS vulnerability exists within the gateway, allowing an attacker to craft a specialized URL which could steal the user's authentication token. When combined with CVE-2020-6803, an attacker could fully compromise the system.
CWE
  • CWE-79 - Cross-site Scripting (XSS)
Assigner
References
Impacted products
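Vendor Product Version
Mozilla WebThings Gateway Affected: 0.3.0 , < 0.3.0* (custom)
Affected: 0.12.0 , < 0.12.0 (custom)
Read together with the record's legacy version data below (>= 0.3.0 and < 0.12.0), the affected range is 0.3.0 up to, but not including, 0.12.0.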
Credits
Panagiotis

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T09:11:05.124Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/mozilla-iot/gateway/pull/2446"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "WebThings Gateway",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "0.3.0*",
              "status": "affected",
              "version": "0.3.0",
              "versionType": "custom"
            },
            {
              "lessThan": "0.12.0",
              "status": "affected",
              "version": "0.12.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Panagiotis"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A reflected XSS vulnerability exists within the gateway, allowing an attacker to craft a specialized URL which could steal the user\u0027s authentication token. When combined with CVE-2020-6803, an attacker could fully compromise the system."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79 Cross-site Scripting (XSS)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-02-28T22:38:38.000Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/mozilla-iot/gateway/pull/2446"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "https://github.com/mozilla-iot/gateway/pull/2446"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "XSS in Mozilla WebThings Gateway",
      "workarounds": [
        {
          "lang": "en",
          "value": "* Never share your gateway address publicly.\n* Never click on links which take you to your gateway, especially to the login page."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@mozilla.org",
          "ID": "CVE-2020-6804",
          "STATE": "PUBLIC",
          "TITLE": "XSS in Mozilla WebThings Gateway"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "WebThings Gateway",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003e=",
                            "version_name": "0.3.0",
                            "version_value": "0.3.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "0.12.0",
                            "version_value": "0.12.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Mozilla"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Panagiotis"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A reflected XSS vulnerability exists within the gateway, allowing an attacker to craft a specialized URL which could steal the user\u0027s authentication token. When combined with CVE-2020-6803, an attacker could fully compromise the system."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-79 Cross-site Scripting (XSS)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/mozilla-iot/gateway/pull/2446",
              "refsource": "MISC",
              "url": "https://github.com/mozilla-iot/gateway/pull/2446"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "https://github.com/mozilla-iot/gateway/pull/2446"
          }
        ],
        "source": {
          "discovery": "EXTERNAL"
        },
        "work_around": [
          {
            "lang": "en",
            "value": "* Never share your gateway address publicly.\n* Never click on links which take you to your gateway, especially to the login page."
          }
        ]
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2020-6804",
    "datePublished": "2020-02-28T22:38:38.000Z",
    "dateReserved": "2020-01-10T00:00:00.000Z",
    "dateUpdated": "2024-08-04T09:11:05.124Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-6803 (GCVE-0-2020-6803)

Vulnerability from cvelistv5 – Published: 2020-02-28 22:34 – Updated: 2024-08-04 09:11
Title
Open redirect in Mozilla WebThings Gateway
Summary
An open redirect is present on the gateway's login page, which could cause a user to be redirected to a malicious site after logging in.
CWE
  • CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
Assigner
References
Impacted products
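Vendor Product Version
Mozilla WebThings Gateway Affected: 0.3.0 , < 0.3.0* (custom)
Affected: 0.12.0 , < 0.12.0 (custom)
Read together with the record's legacy version data below (>= 0.3.0 and < 0.12.0), the affected range is 0.3.0 up to, but not including, 0.12.0.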
Credits
Panagiotis

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T09:11:05.086Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/mozilla-iot/gateway/pull/2446"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "WebThings Gateway",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "0.3.0*",
              "status": "affected",
              "version": "0.3.0",
              "versionType": "custom"
            },
            {
              "lessThan": "0.12.0",
              "status": "affected",
              "version": "0.12.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Panagiotis"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An open redirect is present on the gateway\u0027s login page, which could cause a user to be redirected to a malicious site after logging in."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-601",
              "description": "CWE-601 URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-02-28T22:34:00.000Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/mozilla-iot/gateway/pull/2446"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "https://github.com/mozilla-iot/gateway/pull/2446"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Open redirect in Mozilla WebThings Gateway",
      "workarounds": [
        {
          "lang": "en",
          "value": "* Never share your gateway address publicly.\n* Never click on links which take you to your gateway, especially to the login page."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@mozilla.org",
          "ID": "CVE-2020-6803",
          "STATE": "PUBLIC",
          "TITLE": "Open redirect in Mozilla WebThings Gateway"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "WebThings Gateway",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003e=",
                            "version_name": "0.3.0",
                            "version_value": "0.3.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "0.12.0",
                            "version_value": "0.12.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Mozilla"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Panagiotis"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An open redirect is present on the gateway\u0027s login page, which could cause a user to be redirected to a malicious site after logging in."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-601 URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/mozilla-iot/gateway/pull/2446",
              "refsource": "MISC",
              "url": "https://github.com/mozilla-iot/gateway/pull/2446"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "https://github.com/mozilla-iot/gateway/pull/2446"
          }
        ],
        "source": {
          "discovery": "EXTERNAL"
        },
        "work_around": [
          {
            "lang": "en",
            "value": "* Never share your gateway address publicly.\n* Never click on links which take you to your gateway, especially to the login page."
          }
        ]
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2020-6803",
    "datePublished": "2020-02-28T22:34:00.000Z",
    "dateReserved": "2020-01-10T00:00:00.000Z",
    "dateUpdated": "2024-08-04T09:11:05.086Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}