CVE-2020-21527

{"id": "CVE-2020-21527", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 8.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:N/I:C/A:C", "authentication": "SINGLE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 9.2, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.7, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 4.0, "exploitabilityScore": 3.1}]}, "published": "2020-09-30T18:15:24.227", "references": [{"url": "https://github.com/halo-dev/halo/issues/422", "tags": ["Issue Tracking", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "There is an Arbitrary file deletion vulnerability in halo v1.1.3. A backup function in the background allows a user, when deleting their backup files, to delete any files on the system through directory traversal."}, {"lang": "es", "value": "Se presenta una vulnerabilidad de eliminaci\u00f3n de archivos Arbitraria en halo versi\u00f3n v1.1.3. Una funci\u00f3n de backup en segundo plano permite al usuario, al eliminar sus archivos de backup, eliminar cualquier archivo del sistema por medio de un salto de directorio"}], "lastModified": "2020-10-07T19:24:30.723", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:halo:halo:1.1.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6AAE0537-C39F-4121-AA74-28235A4DC07A"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}