CVE-2020-12642
Description
An issue was discovered in service-api before 4.3.12 and 5.x before 5.1.1 for Report Portal. It allows XXE, with resultant secrets disclosure and SSRF, via JUnit XML launch import.
Risk Information
Base Score
7.5
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score
Exploitation Probability
0.28
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2020-12642 are fixed in ReportPortal-service-api 4.3.12 | Windows |
| Vulnerabilities CVE-2020-12642 are fixed in ReportPortal-service-api 5.1.1 | Windows |
| Vulnerabilities CVE-2020-12642 are fixed in ReportPortal-service-api for Linux 4.3.12 | Linux |
| Vulnerabilities CVE-2020-12642 are fixed in ReportPortal-service-api for Linux 5.1.1 | Linux |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234