CVE-2020-19005

MEDIUM EPSS 49.8%
Published Aug 25, 2020 5y ago · Modified Jun 17, 2026 2w ago
5.7 CVSS 3.1
Medium

Description

zrlog v2.1.0 has a vulnerability in its permission check. If an admin account is logged in, other unauthorized users can download the database backup file directly.

CVSS Details

Base Score: 5.7
Exploitability: 2.1
Impact: 3.6
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability: None

Threat Intelligence

EPSS Exploit Probability: 49.8% percentile
Exploit & Patch Status: No Known Exploit, Patch Available

Weaknesses 1

CWE-863 Incorrect Authorization

Affected Products 1

Vendor | Product | Version | Range
zrlog  | zrlog   | 2.1.0   | any

References 2

  • https://github.com/94fzb/zrlog/commit/b2b4415e2e59b6f18b0a62b633e71c96d63c43ba
    Patch, Third Party Advisory
  • https://github.com/94fzb/zrlog/issues/48
    Issue Tracking, Third Party Advisory

Remediation

  • https://github.com/94fzb/zrlog/commit/b2b4415e2e59b6f18b0a62b633e71c96d63c43ba
    Patch, Third Party Advisory