How severe is CVE-2020-36569?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.1 out of 10.

What type of vulnerability is CVE-2020-36569?

This is classified as CWE-287, which is a common weakness in software security.

CVE-2020-36569

CRITICAL Year: 2020

CVSS v3 Score

9.1

Critical

Weakness Type

CWE-287

View all →

Vulnerability Description

Authentication is globally bypassed in github.com/nanobox-io/golang-nanoauth between v0.0.0-20160722212129-ac0cc4484ad4 and v0.0.0-20200131131040-063a3fb69896 if ListenAndServe is called with an empty token.

CVE-2007-1966

CRITICAL

CVSS:9.1(Critical)

Session fixation vulnerability in eXV2 CMS 2.0.4.3 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID cookie.

CWE-2872007

CVE-2008-3738

CRITICAL

CVSS:9.1(Critical)

Session fixation vulnerability in SpaceTag LacoodaST 2.1.3 and earlier allows remote attackers to hijack web sessions via unspecified vectors.

CWE-2872008

CVE-2013-4454

CRITICAL

CVSS:9.1(Critical)

WordPress Portable phpMyAdmin Plugin 1.4.1 has Multiple Security Bypass Vulnerabilities

CWE-2872013

CVE-2013-4462

CRITICAL

CVSS:9.1(Critical)

WordPress Portable phpMyAdmin Plugin has an authentication bypass vulnerability

CWE-2872013

CVE-2014-4198

CRITICAL

CVSS:9.1(Critical)

A Two-Factor Authentication Bypass Vulnerability exists in BS-Client Private Client 2.4 and 2.5 via an XML request that neglects the use of ADPswID and AD parameters, which could let a malicious user ...

CWE-2872014

CVE-2016-4432

CRITICAL

CVSS:9.1(Critical)

The AMQP 0-8, 0-9, 0-91, and 0-10 connection handling in Apache Qpid Java before 6.0.3 might allow remote attackers to bypass authentication and consequently perform actions via vectors related to con...

CWE-2872016

CVE-2020-36569

Vulnerability Description

Related Vulnerabilities

CVE-2007-1966

CVE-2008-3738

CVE-2013-4454

CVE-2013-4462

CVE-2014-4198

CVE-2016-4432