CVE-2020-27508

In two-factor authentication, the system also sending 2fa secret key in response, which enables an intruder to breach the 2fa security.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
frappefrappe
𝑥
< 12.10.0
𝑥
= Vulnerable software versions
References
https://github.com/frappe/frappe/pull/11262
https://github.com/frappe/frappe/pull/11263
https://github.com/frappe/frappe/pull/11262
https://github.com/frappe/frappe/pull/11263