Access Control Flaws in Netflix Dispatch
CVE-2020-9300

6.5 MEDIUM

Key Information:

Vendor: Netflix

CVE Published: 9 November 2020

What is CVE-2020-9300?

The vulnerability in Netflix Dispatch is related to inadequate access control mechanisms. It allows unauthorized users to view restricted incidents and escalate their privileges to admin roles. Additionally, users can add themselves as participants to restricted incidents and exploit the search feature to access sensitive information. Adhering to secure deployment guidelines can mitigate some risks associated with this vulnerability, as it primarily affects authenticated users.

Affected Version(s)

Netflix Dispatch: all versions prior to v20201106

CVSS V3.1

Score: 6.5
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
