How severe is CVE-2020-11629?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.2 out of 10.

What type of vulnerability is CVE-2020-11629?

This is classified as CWE-522, which is a common weakness in software security.

CVE-2020-11629 - HIGH Severity | CVSS 7.2

Vulnerability Description

An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1.2. The External Command Certificate Validator, which allows administrators to upload external linters to validate certificates, is supposed to save uploaded test certificates to the server. An attacker who has gained access to the CA UI could exploit this to upload malicious scripts to the server. (Risks associated with this issue alone are negligible unless a malicious user already has gained access to the CA UI through other means, as a trusted user is already trusted to upload scripts by virtue of having access to the validator.)

Related Vulnerabilities

CVE-2017-0925

HIGH

CVSS:7.2(High)

Gitlab Enterprise Edition version 10.1.0 is vulnerable to an insufficiently protected credential issue in the project service integration API endpoint resulting in an information disclosure of plainte...

CWE-5222017

CVE-2017-14111

HIGH

CVSS:7.2(High)

The workstation logging function in Philips IntelliSpace Cardiovascular (ISCV) 2.3.0 and earlier and Xcelera R4.1L1 and earlier records domain authentication credentials, which if accessed allows an a...

CWE-5222017

CVE-2018-1000608

HIGH

CVSS:7.2(High)

A exposure of sensitive information vulnerability exists in Jenkins z/OS Connector Plugin 1.2.6.1 and earlier in SCLMSCM.java that allows an attacker with local file system access or control of a Jenk...

CWE-5222018

CVE-2018-16987

HIGH

CVSS:7.2(High)

Squash TM through 1.18.0 presents the cleartext passwords of external services in the administration panel, as demonstrated by a ta-server-password field in the HTML source code.

CWE-5222018

CVE-2019-12847

HIGH

CVSS:7.2(High)

In JetBrains Hub versions earlier than 2018.4.11298, the audit events for SMTPSettings show a cleartext password to the admin user. It is only relevant in cases where a password has not changed since ...

CWE-5222019

CVE-2019-6242

HIGH

CVSS:7.2(High)

Kentico v10.0.42 allows Global Administrators to read the cleartext SMTP Password by navigating to the SMTP configuration page. NOTE: the vendor considers this a best-practice violation but not a vuln...

CWE-5222019