CVE-2020-27958 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	4.3 MEDIUM	NETWORK	LOW	LOW	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Base Score

CVSS 3.x

EPSS Score

Percentile: 43%

Affected Products (NVD)

Vendor	Product	Version
osu	ohio_supercomputer_center_open_ondemand	𝑥 < 1.7.19
osu	ohio_supercomputer_center_open_ondemand	1.8.0 ≤ 𝑥 < 1.8.18

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-116 - Improper Encoding or Escaping of Output
The software prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly. As a result, the intended structure of the message is not preserved.

References

https://discourse.osc.edu/t/security-fix-in-open-ondemand-1-8-18-and-1-7-19-patch-releases-now-available/1198

https://github.com/OSC/Open-OnDemand/commits/master

https://listsprd.osu.edu/pipermail/ood-users/

https://discourse.osc.edu/t/security-fix-in-open-ondemand-1-8-18-and-1-7-19-patch-releases-now-available/1198

https://github.com/OSC/Open-OnDemand/commits/master

https://listsprd.osu.edu/pipermail/ood-users/