CVE-2020-13821

{"id": "CVE-2020-13821", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.3}]}, "published": "2020-08-26T16:15:12.447", "references": [{"url": "https://payatu.com/advisory/hivemq-mqtt-broker---xss-over-mqtt", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.hivemq.com/blog/hivemq-4-3-3-released/", "tags": ["Release Notes", "Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in HiveMQ Broker Control Center 4.3.2. A crafted clientid parameter in an MQTT packet (sent to the Broker) is reflected in the client section of the management console. The attacker's JavaScript is loaded in a browser, which can lead to theft of the session and cookie of the administrator's account of the Broker."}, {"lang": "es", "value": "Se detect\u00f3 un problema en HiveMQ Broker Control Center versi\u00f3n 4.3.2. Un par\u00e1metro clientid dise\u00f1ado en un paquete MQTT (enviado al Broker) es reflejado en la secci\u00f3n del cliente de la consola de administraci\u00f3n. El JavaScript del atacante es cargado en un navegador, lo que puede conllevar el robo de la sesi\u00f3n y una cookie de la cuenta del administrador del Broker"}], "lastModified": "2020-12-23T15:43:39.817", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:hivemq:broker_control_center:4.3.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AAD15DD3-F8EA-4692-88D6-C646D051DB21"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}