CVE-2020-9443

{"id": "CVE-2020-9443", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2020-03-18T13:15:12.573", "references": [{"url": "https://blog.zulip.org/2020/02/29/zulip-desktop-4-0-3-security-release/", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://blog.zulip.org/2020/02/29/zulip-desktop-4-0-3-security-release/", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Zulip Desktop before 4.0.3 loaded untrusted content in an Electron webview with web security disabled, which can be exploited for XSS in a number of ways. This especially affects Zulip Desktop 2.3.82."}, {"lang": "es", "value": "Zulip Desktop versiones anteriores a 4.0.3, carg\u00f3 contenido no confiable en una vista web de Electron con la seguridad web deshabilitada, lo cual puede ser explotado para un ataque de tipo XSS en una variedad de maneras. Esto afecta especialmente a Zulip Desktop versi\u00f3n 2.3.82."}], "lastModified": "2024-11-21T05:40:39.197", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:zulipchat:zulip_desktop:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EA06A801-F7A1-4489-81AE-59D515A564C5", "versionEndExcluding": "4.0.3"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}