CVE-2020-7649
MEDIUM EPSS 67.0%
Published Jul 25, 2022 (3y ago) · Modified Jun 17, 2026 (2w ago)
4.9 CVSS 3.1
Description
This affects the package snyk-broker before 4.73.0. It allows arbitrary file reads for users with access to Snyk's internal network via directory traversal.
CVSS Details
Base Score
Exploitability
Impact
Vector string
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Attack Vector Network
Attack Complexity Low
Privileges Required High
User Interaction None
Scope Unchanged
Confidentiality High
Integrity None
Availability None
Threat Intelligence
EPSS Exploit Probability
67.0% percentile
Exploit & Patch Status
Public Exploit Known
Patch Available
Weaknesses 1
CWE-22 Path Traversal Resource Mgmt
Affected Products 1
| Vendor | Product | Version | Range |
|---|---|---|---|
| snyk | broker | * | <4.73.0 |
References 3
- github.com https://github.com/snyk/broker/commit/90e0bac07a800b7c4c6646097c9c89d6b878b429
- security.snyk.io https://security.snyk.io/vuln/SNYK-JS-SNYKBROKER-570608
- updates.snyk.io https://updates.snyk.io/snyk-broker-security-fixes-152338
Remediation
- github.com https://github.com/snyk/broker/commit/90e0bac07a800b7c4c6646097c9c89d6b878b429