CVE-2019-20060

{"id": "CVE-2019-20060", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2020-02-10T13:15:11.787", "references": [{"url": "https://medium.com/%40jra8908/yetishare-3-5-2-4-5-4-multiple-vulnerabilities-927d17b71ad", "source": "cve@mitre.org"}, {"url": "https://mfscripts.com/", "tags": ["Product"], "source": "cve@mitre.org"}, {"url": "https://yetishare.com/", "tags": ["Product"], "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-922"}]}], "descriptions": [{"lang": "en", "value": "MFScripts YetiShare v3.5.2 through v4.5.4 places sensitive information in the Referer header. If this leaks, then third parties may discover password-reset hashes, file-delete links, or other sensitive information."}, {"lang": "es", "value": "MFScripts YetiShare versiones v3.5.2 hasta v4.5.4, coloca informaci\u00f3n confidencial en el encabezado Referer. Si esto se filtra, entonces terceros pueden detectar hashes de restablecimiento de contrase\u00f1a, enlaces de eliminaci\u00f3n de archivos u otra informaci\u00f3n confidencial."}], "lastModified": "2023-11-07T03:08:39.230", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mfscripts:yetishare:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "24B6FE06-6620-48FC-9AD3-6E9FA7D2793F", "versionEndIncluding": "4.5.4", "versionStartIncluding": "3.5.2"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}