How severe is CVE-2020-1940?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.5 out of 10.

What type of vulnerability is CVE-2020-1940?

This is classified as CWE-212, which is a common weakness in software security.

CVE-2020-1940 - HIGH Severity | CVSS 7.5

Vulnerability Description

The optional initial password change and password expiration features present in Apache Jackrabbit Oak 1.2.0 to 1.22.0 are prone to a sensitive information disclosure vulnerability. The code mandates the changed password to be passed as an additional attribute to the credentials object but does not remove it upon processing during the first phase of the authentication. In combination with additional, independent authentication mechanisms, this may lead to the new password being disclosed.

Related Vulnerabilities

CVE-2002-0704

HIGH

CVSS:7.5(High)

The Network Address Translation (NAT) capability for Netfilter ("iptables") 1.2.6a and earlier leaks translated IP addresses in ICMP error messages.

CWE-2122002

CVE-2018-6337

HIGH

CVSS:7.5(High)

folly::secureRandom will re-use a buffer between parent and child processes when fork() is called. That will result in multiple forked children producing repeat (or similar) results. This affects HHVM...

CWE-2122018

CVE-2019-20637

HIGH

CVSS:7.5(High)

An issue was discovered in Varnish Cache before 6.0.5 LTS, 6.1.x and 6.2.x before 6.2.2, and 6.3.x before 6.3.1. It does not clear a pointer between the handling of one client request and the next req...

CWE-2122019

CVE-2020-36476

HIGH

CVSS:7.5(High)

An issue was discovered in Mbed TLS before 2.24.0 (and before 2.16.8 LTS and before 2.7.17 LTS). There is missing zeroization of plaintext buffers in mbedtls_ssl_read to erase unused application data ...

CWE-2122020

CVE-2021-31780

HIGH

CVSS:7.5(High)

In app/Model/MispObject.php in MISP 2.4.141, an incorrect sharing group association could lead to information disclosure on an event edit. When an object has a sharing group associated with an event e...

CWE-2122021

CVE-2021-46813

HIGH

CVSS:7.5(High)

Vulnerability of residual files not being deleted after an update in the ChinaDRM module. Successful exploitation of this vulnerability may affect availability.

CWE-2122021