PT-2020-18340 · Unknown · Buddypress

Ehti · Published 2020-02-24 · Updated 2020-02-25 · CVE-2020-5244

CVSS v3.1: 8.0 High
Vector: AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions

BuddyPress versions prior to 5.1.2

Description

The issue allows requests to a certain REST API endpoint to expose private user data without requiring authentication.

Recommendations

For versions prior to 5.1.2, update to version 5.1.2 to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable REST API endpoint until the update is applied.

Fix

Improper Access Control

Information Disclosure

Weakness Enumeration

Related Identifiers

CVE-2020-5244
GHSA-3J78-7M59-R7GV

Affected Products

Buddypress