CVE-2020-24614
published 2020-08-25CVE-2020-24614: Fossil before 2.10.2, 2.11.x before 2.11.2, and 2.12.x before 2.12.1 allows remote authenticated users to execute arbitrary code. An attacker must have…
high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
Fossil before 2.10.2, 2.11.x before 2.11.2, and 2.12.x before 2.12.1 allows remote authenticated users to execute arbitrary code. An attacker must have check-in privileges on the repository.
Affected
12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | fossil | < fossil 1:2.12.1-1 (bookworm) | fossil 1:2.12.1-1 (bookworm) |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| fossil-scm | fossil | < 2.10.2 | 2.10.2 |
| fossil-scm | fossil | >= 0 < 1:2.12.1-1 | 1:2.12.1-1 |
| fossil-scm | fossil | >= 0 < 1:2.12.1-1 | 1:2.12.1-1 |
| fossil-scm | fossil | >= 0 < 1:2.12.1-1 | 1:2.12.1-1 |
| fossil-scm | fossil | >= 2.11.0 < 2.11.2 | 2.11.2 |
| fossil-scm | fossil | >= 2.12.0 < 2.12.1 | 2.12.1 |
| opensuse | backports_sle | — | — |
| opensuse | leap | — | — |
| opensuse | leap | — | — |
CVSS provenance
nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
osv8.8HIGH