Open redirect in Mozilla WebThings Gateway
CVE-2020-6803

5.4MEDIUM

Key Information:

Vendor

Mozilla
Status
Webthings Gateway
Vendor
CVE Published:
28 February 2020

What is CVE-2020-6803?

An open redirect is present on the gateway's login page, which could cause a user to be redirected to a malicious site after logging in.

Affected Version(s)

WebThings Gateway 0.3.0 < 0.3.0*

WebThings Gateway 0.12.0

References

https://github.com/mozilla-iot/gateway/pull/2446
x_refsource_MISC

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Panagiotis
JSON
.