Vulnerability Database

289,871

Total vulnerabilities in the database

CVE-2020-10871

In OpenWrt LuCI git-20.x, remote unauthenticated attackers can retrieve the list of installed packages and services. NOTE: the vendor disputes the significance of this report because, for instances reachable by an unauthenticated actor, the same information is available in other (more complex) ways, and there is no plan to restrict the information further

  • Published: Mar 23, 2020
  • Updated: Nov 8, 2023
  • CVE: CVE-2020-10871
  • Severity: Medium
  • Exploit:

CVSS v3:

  • Severity: Medium
  • Score: 5.3
  • AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CVSS v2:

  • Severity: Medium
  • Score: 5
  • AV:N/AC:L/Au:N/C:P/I:N/A:N

CWEs:

Software From Fixed in
openwrt / luci git-20.049.11521-bebfe20 git-20.049.11521-bebfe20.x
openwrt / luci git-20.078.22902-0ed0d42 git-20.078.22902-0ed0d42.x