ID

VAR-202002-1211


CVE

CVE-2020-6803


TITLE

Open redirect vulnerability in gateway

Trust: 0.8

sources: JVNDB: JVNDB-2020-002382

DESCRIPTION

An open redirect is present on the gateway's login page, which could cause a user to be redirected to a malicious site after logging in. An open redirect vulnerability exists in gateway. Information may be obtained and tampered with. WebThings Gateway is an IoT gateway from the Mozilla Foundation in the United States. The login page in WebThings Gateway has an input validation error vulnerability. The vulnerability stems from a network system or product that did not properly validate the input data.

Trust: 2.25

sources: NVD: CVE-2020-6803 // JVNDB: JVNDB-2020-002382 // CNNVD: CNNVD-202002-1321 // VULHUB: VHN-184928

AFFECTED PRODUCTS

vendor: mozilla, model: webthings gateway, scope: lt, version: 2020-02-26

Trust: 1.0

vendor: mozilla, model: webthings gateway, scope: -, version: -

Trust: 0.8

vendor: mozilla, model: webthings gateway, scope: eq, version: 0.2.0

Trust: 0.6

vendor: mozilla, model: webthings gateway, scope: eq, version: 0.3.0

Trust: 0.6

vendor: mozilla, model: webthings gateway, scope: eq, version: 0.2.2

Trust: 0.6

vendor: mozilla, model: webthings gateway, scope: eq, version: 0.3.1

Trust: 0.6

vendor: mozilla, model: webthings gateway, scope: eq, version: 0.5.1

Trust: 0.6

vendor: mozilla, model: webthings gateway, scope: eq, version: 0.4.1

Trust: 0.6

vendor: mozilla, model: webthings gateway, scope: eq, version: 0.2.1

Trust: 0.6

vendor: mozilla, model: webthings gateway, scope: eq, version: 0.4.0

Trust: 0.6

vendor: mozilla, model: webthings gateway, scope: eq, version: 0.1.0

Trust: 0.6

vendor: mozilla, model: webthings gateway, scope: eq, version: 0.5.0

Trust: 0.6

sources: JVNDB: JVNDB-2020-002382 // CNNVD: CNNVD-202002-1321 // NVD: CVE-2020-6803

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-6803
value: MEDIUM

Trust: 1.0

security@mozilla.org: CVE-2020-6803
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2020-002382
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202002-1321
value: MEDIUM

Trust: 0.6

VULHUB: VHN-184928
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-6803
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-002382
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-184928
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-6803
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.1

Trust: 1.0

security@mozilla.org: CVE-2020-6803
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.5
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-002382
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-184928 // JVNDB: JVNDB-2020-002382 // CNNVD: CNNVD-202002-1321 // NVD: CVE-2020-6803 // NVD: CVE-2020-6803

PROBLEMTYPE DATA

problemtype:CWE-601

Trust: 1.9

sources: VULHUB: VHN-184928 // JVNDB: JVNDB-2020-002382 // NVD: CVE-2020-6803

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202002-1321

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202002-1321

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-002382

PATCH

title: Always redirect to / after login. #2446
url: https://github.com/mozilla-iot/gateway/pull/2446

Trust: 0.8

title: Fix for the WebThings Gateway input validation error vulnerability
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=110932

Trust: 0.6

sources: JVNDB: JVNDB-2020-002382 // CNNVD: CNNVD-202002-1321

EXTERNAL IDS

db: NVD, id: CVE-2020-6803

Trust: 2.5

db: JVNDB, id: JVNDB-2020-002382

Trust: 0.8

db: CNNVD, id: CNNVD-202002-1321

Trust: 0.7

db: VULHUB, id: VHN-184928

Trust: 0.1

sources: VULHUB: VHN-184928 // JVNDB: JVNDB-2020-002382 // CNNVD: CNNVD-202002-1321 // NVD: CVE-2020-6803

REFERENCES

url:https://github.com/mozilla-iot/gateway/pull/2446

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2020-6803

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-6803

Trust: 0.8

sources: VULHUB: VHN-184928 // JVNDB: JVNDB-2020-002382 // CNNVD: CNNVD-202002-1321 // NVD: CVE-2020-6803

SOURCES

db: VULHUB, id: VHN-184928
db: JVNDB, id: JVNDB-2020-002382
db: CNNVD, id: CNNVD-202002-1321
db: NVD, id: CVE-2020-6803

LAST UPDATE DATE

2024-11-23T21:51:38.972000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-184928, date: 2020-03-04T00:00:00
db: JVNDB, id: JVNDB-2020-002382, date: 2020-03-13T00:00:00
db: CNNVD, id: CNNVD-202002-1321, date: 2020-03-09T00:00:00
db: NVD, id: CVE-2020-6803, date: 2024-11-21T05:36:12.680

SOURCES RELEASE DATE

db: VULHUB, id: VHN-184928, date: 2020-02-28T00:00:00
db: JVNDB, id: JVNDB-2020-002382, date: 2020-03-13T00:00:00
db: CNNVD, id: CNNVD-202002-1321, date: 2020-02-28T00:00:00
db: NVD, id: CVE-2020-6803, date: 2020-02-28T23:15:11.447