How severe is CVE-2020-15258?

This vulnerability has a severity rating of HIGH with a CVSS score of 8 out of 10.

What type of vulnerability is CVE-2020-15258?

This is classified as CWE-20, which is a common weakness in software security.

CVE-2020-15258 - HIGH Severity | CVSS 8

Vulnerability Description

In Wire before 3.20.x, `shell.openExternal` was used without checking the URL. This vulnerability allows an attacker to execute code on the victims machine by sending messages containing links with arbitrary protocols. The victim has to interact with the link and sees the URL that is opened. The issue was patched by implementing a helper function which checks if the URL's protocol is common. If it is common, the URL will be opened externally. If not, the URL will not be opened and a warning appears for the user informing them that a probably insecure URL was blocked from being executed. The issue is patched in Wire 3.20.x. More technical details about exploitation are available in the linked advisory.

Related Vulnerabilities

CVE-2016-1661

HIGH

CVSS:8.0(High)

Blink, as used in Google Chrome before 50.0.2661.94, does not ensure that frames satisfy a check for the same renderer process in addition to a Same Origin Policy check, which allows remote attackers ...

CWE-202016

CVE-2017-14320

HIGH

CVSS:8.0(High)

Mirasvit Helpdesk MX before 1.5.3 might allow remote attackers to execute arbitrary code by leveraging failure to filter uploaded files.

CWE-202017

CVE-2017-6662

HIGH

CVSS:8.0(High)

A vulnerability in the web-based user interface of Cisco Prime Infrastructure (PI) and Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker read and write access t...

CWE-202017

CVE-2017-7466

HIGH

CVSS:8.0(High)

Ansible before version 2.3 has an input validation vulnerability in the handling of data sent from client systems. An attacker with control over a client system being managed by Ansible, and the abili...

CWE-202017

CVE-2018-11294

HIGH

CVSS:8.0(High)

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, WLAN handler indication from the firmware gets the information for 4 access categories. Whil...

CWE-202018

CVE-2018-5199

HIGH

CVSS:8.0(High)

In Veraport G3 ALL on MacOS, due to insufficient domain validation, It is possible to overwrite installation file to malicious file. A remote unauthenticated attacker may use this vulnerability to exe...

CWE-202018