CVE-2020-24928

EUVD-2020-17632
managers/socketManager.ts in PreMiD through 2.1.3 has a locally hosted socketio web server (port 3020) open to all origins, which allows attackers to obtain sensitive Discord user information.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 42%
Affected Products (NVD)
VendorProductVersion
premidpremid
𝑥
≤ 2.1.3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/PreMiD/PreMiD/pull/501
https://github.com/PreMiD/PreMiD/pull/501