CVE-2020-6394

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2020-6394
Insufficient policy enforcement in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass content security policy via a crafted HTML page.

5.4 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 2.5

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

5.8 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:N

Exploitability : 8.6 / Impact : 4.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

References
Link Resource
http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html Mailing List Third Party Advisory
https://access.redhat.com/errata/RHSA-2020:0514 Third Party Advisory
https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html Vendor Advisory
https://crbug.com/1014371 Exploit Issue Tracking Patch Vendor Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3B5RWJQD5LA45MYLLR55KZJOJ5NVZGP/
https://security.gentoo.org/glsa/202003-08 Third Party Advisory
https://www.debian.org/security/2020/dsa-4638 Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*

Configuration 4 (hide)

OR cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:a:suse:package_hub:-:*:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise:12.0:*:*:*:*:*:*:*

Configuration 6 (hide)

OR cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
History

07 Nov 2023, 03:24

Type Values Removed Values Added
References
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/', 'name': 'FEDORA-2020-39e0b8bd14', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'FEDORA'}
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X3B5RWJQD5LA45MYLLR55KZJOJ5NVZGP/', 'name': 'FEDORA-2020-f6271d7afa', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'FEDORA'}
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/ -
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3B5RWJQD5LA45MYLLR55KZJOJ5NVZGP/ -

06 Apr 2022, 17:54

Type Values Removed Values Added
CPE cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise:12.0:*:*:*:*:*:*:*
cpe:2.3:a:suse:package_hub:-:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
References (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X3B5RWJQD5LA45MYLLR55KZJOJ5NVZGP/ - (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X3B5RWJQD5LA45MYLLR55KZJOJ5NVZGP/ - Mailing List, Third Party Advisory
References (MISC) https://crbug.com/1014371 - Permissions Required (MISC) https://crbug.com/1014371 - Exploit, Issue Tracking, Patch, Vendor Advisory
References (REDHAT) https://access.redhat.com/errata/RHSA-2020:0514 - (REDHAT) https://access.redhat.com/errata/RHSA-2020:0514 - Third Party Advisory
References (SUSE) http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html - (SUSE) http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html - Mailing List, Third Party Advisory
References (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/ - (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/ - Mailing List, Third Party Advisory
References (DEBIAN) https://www.debian.org/security/2020/dsa-4638 - (DEBIAN) https://www.debian.org/security/2020/dsa-4638 - Third Party Advisory
References (GENTOO) https://security.gentoo.org/glsa/202003-08 - (GENTOO) https://security.gentoo.org/glsa/202003-08 - Third Party Advisory
CWE CWE-20 NVD-CWE-noinfo
First Time Debian debian Linux
Redhat enterprise Linux Desktop
Suse
Redhat enterprise Linux Server
Debian
Suse package Hub
Suse linux Enterprise
Redhat enterprise Linux Workstation
Fedoraproject fedora
Redhat
Fedoraproject
Information

Published : 2020-02-11 15:15

Updated : 2023-12-10 13:13

NVD link : CVE-2020-6394

Mitre link : CVE-2020-6394

CVE.ORG link : CVE-2020-6394

JSON object : View

Products Affected

google

  • chrome

redhat

  • enterprise_linux_workstation
  • enterprise_linux_desktop
  • enterprise_linux_server

fedoraproject

  • fedora

suse

  • package_hub
  • linux_enterprise

debian

  • debian_linux

opensuse

  • backports_sle
CWE
NVD-CWE-noinfo