Home > Vulnerability Database > CVE-2020-1729

Mend.io Vulnerability Database

CVE-2020-1729

Good to know:

Date: May 28, 2021

A flaw was found in SmallRye's API through version 1.6.1. The API can allow other code running within the application server to potentially obtain the ClassLoader, bypassing any permissions checks that should have been applied. The largest threat from this vulnerability is a threat to data confidentiality. This is fixed in SmallRye 1.6.2

Language: Java

Severity Score

4.4

Related Resources (4)

Url: https://nvd.nist.gov/vuln/detail/CVE-2020-1729

Url: https://bugzilla.redhat.com/show_bug.cgi?id=1802444

Url: https://github.com/smallrye/smallrye-config/commit/fb0def6f61c09a2a80c9145e4ec6521225cd0b99

Url: https://www.mend.io/vulnerability-database/CVE-2020-1729

Severity Score

4.4

Weakness Type (CWE)

Incorrect Authorization

CWE-863

Top Fix

Upgrade Version

Upgrade to version io.smallrye.config:smallrye-config:1.6.2

Learn More

CVSS v3.1

Base Score:	4.4
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	HIGH
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

CVSS v2

Base Score:	2.1
Access Vector (AV):	LOCAL
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	NONE
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2020-1729

Good to know:

Date: May 28, 2021

Language: Java

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?