How severe is CVE-2020-4072?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.3 out of 10.

What type of vulnerability is CVE-2020-4072?

This is classified as CWE-117, which is a common weakness in software security.

CVE-2020-4072

MEDIUM Year: 2020

CVSS v3 Score

5.3

Medium

CVSS v2 Score

5.0

Medium

Weakness Type

CWE-117

View all →

Vulnerability Description

In generator-jhipster-kotlin version 1.6.0 log entries are created for invalid password reset attempts. As the email is provided by a user and the api is public this can be used by an attacker to forge log entries. This is vulnerable to https://cwe.mitre.org/data/definitions/117.html This problem affects only application generated with jwt or session authentication. Applications using oauth are not vulnerable. This issue has been fixed in version 1.7.0.

CVE-2019-10213

MEDIUM

CVSS:5.3(Medium)

OpenShift Container Platform, versions 4.1 and 4.2, does not sanitize secret data written to pod logs when the log level in a given operator is set to Debug or higher. A low privileged user could read...

CWE-1172019

CVE-2019-14854

MEDIUM

CVSS:5.3(Medium)

OpenShift Container Platform 4 does not sanitize secret data written to static pod logs when the log level in a given operator is set to Debug or higher. A low privileged user could read pod logs to d...

CWE-1172019

CVE-2021-20333

MEDIUM

CVSS:5.3(Medium)

Sending specially crafted commands to a MongoDB Server may result in artificial log entries being generated or for log entries to be split. This issue affects MongoDB Server v3.6 versions prior to 3.6...

CWE-1172021

CVE-2021-43410

MEDIUM

CVSS:5.3(Medium)

Apache Airavata Django Portal allows CRLF log injection because of lack of escaping log statements. In particular, some HTTP request parameters are logged without first being escaped. Versions affecte...

CWE-1172021

CVE-2022-1522

MEDIUM

CVSS:5.3(Medium)

The Cognex 3D-A1000 Dimensioning System in firmware version 1.0.3 (3354) and prior is vulnerable to CWE-117: Improper Output Neutralization for Logs, which allows an attacker to create false logs that...

CWE-1172022

CVE-2022-32549

MEDIUM

CVSS:5.3(Medium)

Apache Sling Commons Log <= 5.4.0 and Apache Sling API <= 2.25.0 are vulnerable to log injection. The ability to forge logs may allow an attacker to cover tracks by injecting fake logs and potentially...

CWE-1172022

CVE-2020-4072

Vulnerability Description

Related Vulnerabilities

CVE-2019-10213

CVE-2019-14854

CVE-2021-20333

CVE-2021-43410

CVE-2022-1522

CVE-2022-32549