Wing Chan

Researcher fromThe Hut Group
#7093of 53,630
38.4Total CVSS
Vulnerabilities · 6
Medium
5
High
1
PT-2022-9059
4.9
2022-07-25
Snyk · Snyk-Broker · CVE-2020-7649
**Name of the Vulnerable Software and Affected Versions** snyk-broker versions prior to 4.73.0 **Description** The issue allows arbitrary file reads for users with access to Snyk's internal network via directory traversal. **Recommendations** For versions prior to 4.73.0, update to version 4.73.0 or later to resolve the issue.
PT-2020-19681
6.5
2020-05-29
Snyk · Snyk-Broker · CVE-2020-7648
**Name of the Vulnerable Software and Affected Versions** snyk-broker versions prior to 4.72.2 **Description** The issue allows arbitrary file reads for users who have access to Snyk's internal network. This can be achieved by appending the URL with a fragment identifier and a whitelisted path, such as `#package.json`. **Recommendations** For versions prior to 4.72.2, update to version 4.72.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the internal network to minimize the risk of exploitation.
PT-2020-19682
6.5
2020-05-29
Snyk · Snyk-Broker · CVE-2020-7650
**Name of the Vulnerable Software and Affected Versions** snyk-broker versions 4.72.0 through 4.73.1 **Description** The issue allows arbitrary file reads to users with access to Snyk's internal network. It affects files ending in the following extensions: yaml, yml, or json. **Recommendations** For snyk-broker versions 4.72.0 through 4.73.1, update to a version after 4.73.1 to resolve the issue. As a temporary workaround, consider restricting access to files with yaml, yml, or json extensions to minimize the risk of exploitation.
PT-2020-19684
6.5
2020-05-29
Snyk · Snyk-Broker · CVE-2020-7652
**Name of the Vulnerable Software and Affected Versions** snyk-broker versions prior to 4.80.0 **Description** The issue allows arbitrary file reads for users with access to Snyk's internal network via directory traversal. **Recommendations** For versions prior to 4.80.0, update to version 4.80.0 or later to resolve the issue.
PT-2020-19685
6.5
2020-05-29
Snyk · Snyk-Broker · CVE-2020-7653
**Name of the Vulnerable Software and Affected Versions** snyk-broker versions prior to 4.80.0 **Description** The issue allows arbitrary file reads for users with access to Snyk's internal network by creating symlinks to match whitelisted paths. **Recommendations** For versions prior to 4.80.0, update to version 4.80.0 or later to resolve the issue.
PT-2020-19686
7.5
2020-05-29
Snyk · Snyk-Broker · CVE-2020-7654
**Name of the Vulnerable Software and Affected Versions** snyk-broker versions prior to 4.73.1 **Description** The issue concerns information exposure where private keys are logged if the logging level is set to DEBUG. **Recommendations** For versions prior to 4.73.1, update to version 4.73.1 or later to resolve the issue. As a temporary workaround, consider setting the logging level to a value other than DEBUG to prevent private key logging. Restrict access to log files to minimize the risk of exploitation.