CVE-2020-3808

CWE-3673 documents3 sources

Severity

5.9MEDIUM

EPSS

1.7%

top 17.91%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Adobe Creative Cloud Adobe Creative Cloud Desktop Application

Timeline

PublishedMar 25

Latest updateMay 24

Description

Creative Cloud Desktop Application versions 5.0 and earlier have a time-of-check to time-of-use (toctou) race condition vulnerability. Successful exploitation could lead to arbitrary file deletion.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 2.2 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5adobe/creative_cloud_desktop_applicationCreative Cloud Desktop Application versions

▶NVDadobe/creative_cloud5.0

Patches

Patch: helpx.adobe.com ↗Patch: helpx.adobe.com ↗

🔴Vulnerability Details

GHSA

GHSA-5pm7-fp9j-32h8: Creative Cloud Desktop Application versions 5↗2022-05-24

▶

CVEList

CVE-2020-3808: Creative Cloud Desktop Application versions 5↗2020-03-25

▶