How severe is CVE-2020-11980?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.3 out of 10.

What type of vulnerability is CVE-2020-11980?

This is classified as CWE-918, which is a common weakness in software security.

CVE-2020-11980 - MEDIUM Severity | CVSS 6.3

Vulnerability Description

In Karaf, JMX authentication takes place using JAAS and authorization takes place using ACL files. By default, only an "admin" can actually invoke on an MBean. However there is a vulnerability there for someone who is not an admin, but has a "viewer" role. In the 'etc/jmx.acl.cfg', such as role can call get*. It's possible to authenticate as a viewer role + invokes on the MLet getMBeansFromURL method, which goes off to a remote server to fetch the desired MBean, which is then registered in Karaf. At this point the attack fails as "viewer" doesn't have the permission to invoke on the MBean. Still, it could act as a SSRF style attack and also it essentially allows a "viewer" role to pollute the MBean registry, which is a kind of privilege escalation. The vulnerability is low as it's possible to add a ACL to limit access. Users should update to Apache Karaf 4.2.9 or newer.

Related Vulnerabilities

CVE-2017-7553

MEDIUM

CVSS:6.3(Medium)

The external_request api call in App Studio (millicore) allows server side request forgery (SSRF). An attacker could use this flaw to probe the network internal resources, and access restricted endpoi...

CWE-9182017

CVE-2020-4294

MEDIUM

CVSS:6.3(Medium)

IBM QRadar 7.3.0 to 7.3.3 Patch 2 is vulnerable to Server Side Request Forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to ne...

CWE-9182020

CVE-2020-4974

MEDIUM

CVSS:6.3(Medium)

IBM Jazz Foundation products are vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to networ...

CWE-9182020

CVE-2020-8555

MEDIUM

CVSS:6.3(Medium)

The Kubernetes kube-controller-manager in versions v1.0-1.14, versions prior to v1.15.12, v1.16.9, v1.17.5, and version v1.18.0 are vulnerable to a Server Side Request Forgery (SSRF) that allows certa...

CWE-9182020

CVE-2021-3758

MEDIUM

CVSS:6.3(Medium)

bookstack is vulnerable to Server-Side Request Forgery (SSRF)

CWE-9182021

CVE-2023-22936

MEDIUM

CVSS:6.3(Medium)

In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘search_listener’ parameter in a search allows for a blind server-side request forgery (SSRF) by an authenticated user. The initiator...

CWE-9182023