CVE-2020-8213

EUVD-2020-29088
An information exposure vulnerability exists in UniFi Protect before v1.13.4-beta.5 that allowed unauthenticated attackers access to valid usernames for the UniFi Protect web application via HTTP response code and response timing.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 59%
Affected Products (NVD)
VendorProductVersion
uiunifi_protect
𝑥
≤ 1.13.3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://community.ui.com/releases/Security-advisory-bulletin-013-013/56d4d616-4afd-40ee-863f-319b7126ed84
https://community.ui.com/releases/Security-advisory-bulletin-013-013/56d4d616-4afd-40ee-863f-319b7126ed84