OpenWrt LuCI git-20.x Vulnerability: Unauthenticated Retrieval of Installed Packages and Services

OpenWrt LuCI git-20.x Vulnerability: Unauthenticated Retrieval of Installed Packages and Services

CVE-2020-10871 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

In OpenWrt LuCI git-20.x, remote unauthenticated attackers can retrieve the list of installed packages and services. NOTE: the vendor disputes the significance of this report because, for instances reachable by an unauthenticated actor, the same information is available in other (more complex) ways, and there is no plan to restrict the information further

Learn more about our Web Application Penetration Testing UK.