PT-2020-12482 · Morequick · Greenbrowser

Published

2020-04-08

Updated

2021-10-26

CVE-2020-11000

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions GreenBrowser versions prior to 1.2

Description The issue arises when apps rely on URL Parsing to verify that a given URL points to a trusted server. However, there are multiple ways to get URL parsing and verification wrong, allowing an attacker to circumvent access control.

Recommendations For GreenBrowser versions prior to 1.2, update to version 1.2 to resolve the issue. As a temporary workaround, consider restricting access to sensitive areas of the application that rely on URL parsing for access control until the update can be applied.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-939

Related Identifiers

CVE-2020-11000

GHSA-7X3J-7X5W-8G7W

Affected Products

Greenbrowser

PT-2020-12482 · Morequick · Greenbrowser

CVE-2020-11000

Weakness Enumeration

Related Identifiers

Affected Products

References · 5