CVE-2020-27958 Information

Description

The Job Composer app in Ohio Supercomputer Center Open OnDemand before 1.7.19 and 1.8.x before 1.8.18 allows remote authenticated users to provide crafted input in a job template.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Reference

https://listsprd.osu.edu/pipermail/ood-users/ https://discourse.osc.edu/t/security-fix-in-open-ondemand-1-8-18-and-1-7-19-patch-releases-now-available/1198 https://github.com/OSC/Open-OnDemand/commits/master

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

NONE

Availability Impact

LOW

Base Score

NONE

Base Severity

4.3