CVE-2020-5188 (Medium) detected in dotnetnuke.core.9.11.0.nupkg

[mend-bolt-for-github]

CVE-2020-5188 - Medium Severity Vulnerability

Vulnerable Library - dotnetnuke.core.9.11.0.nupkg

Provides basic references to the DotNetNuke.dll to develop extensions for the DNN Platform. For MVC or WebAPI please see other packages available as well

Library home page: https://api.nuget.org/packages/dotnetnuke.core.9.11.0.nupkg

Path to dependency file: /Modules/WillStrohl.OpenGraph/packages.config

Path to vulnerable library: /Modules/WillStrohl.OpenGraph/packages.config,/Modules/WillStrohl.LightboxGallery/packages.config,/Modules/WillStrohl.OpenGraph/packages/DotNetNuke.Core.9.11.0/DotNetNuke.Core.9.11.0.nupkg,/Modules/WillStrohl.LightboxGallery/packages/DotNetNuke.Core.9.11.0/DotNetNuke.Core.9.11.0.nupkg

Dependency Hierarchy:

• ❌ dotnetnuke.core.9.11.0.nupkg (Vulnerable Library)

Found in HEAD commit: 1f8af17e591b32ac36af71a5f8fc037a8812e8f8

Found in base branch: development

Vulnerability Details

DNN (formerly DotNetNuke) through 9.4.4 has Insecure Permissions.

Publish Date: 2020-02-24

URL: CVE-2020-5188

CVSS 3 Score Details (6.5)

Base Score Metrics:

• Exploitability Metrics:
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope: Unchanged
• Impact Metrics:
  • Confidentiality Impact: None
  • Integrity Impact: High
  • Availability Impact: None

For more information on CVSS3 Scores, click here.

---

Step up your Open Source Security Game with Mend here