CVE-2020-21990

{"id": "CVE-2020-21990", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2021-04-29T14:15:09.390", "references": [{"url": "https://www.exploit-db.com/exploits/47824", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5555.php", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-863"}]}], "descriptions": [{"lang": "en", "value": "Emmanuel MyDomoAtHome (MDAH) REST API REST API Domoticz ISS Gateway 0.2.40 is affected by an information disclosure vulnerability due to improper access control enforcement. An unauthenticated remote attacker can exploit this, via a specially crafted request to gain access to sensitive information."}, {"lang": "es", "value": "Emmanuel MyDomoAtHome (MDAH) REST API REST API Domoticz ISS Gateway versi\u00f3n 0.2.40 est\u00e1 afectado por una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n debido a la aplicaci\u00f3n inapropiada  del control de acceso. Un atacante remoto no autenticado puede explotar esto por medio de una petici\u00f3n especialmente dise\u00f1ada para conseguir acceso a informaci\u00f3n confidencial"}], "lastModified": "2021-05-08T04:57:55.657", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:domoticz:mydomoathome:0.240:*:*:*:*:node.js:*:*", "vulnerable": true, "matchCriteriaId": "7A1B61A5-6347-4B3D-B6B3-53410C193AC5"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}