Command Execution Vulnerability in Supybot-fedora by Fedora Foundation
CVE-2020-15853

5.3MEDIUM

Key Information:

Vendor: Fedoraproject
Status: Supybot-fedora
Vendor: CVE Published:; 18 October 2022

🔔 Create Fedoraproject Vulnerability Alert

What is CVE-2020-15853?

The supybot-fedora implementation of the 'refresh' command is vulnerable due to its impact on system responsiveness. When executed, this command refreshes the user cache from FAS, resulting in substantial delay while the operation completes. During this time, the zodbot becomes unresponsive to incoming requests, which may disrupt normal operations and hinder user interactions.

Affected Version(s)

supybot-fedora all versions

References

https://github.com/fedora-infra/supybot-fedora/issues/69

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 18, 2022
Vulnerability Reserved
Jul 20, 2020