CVE-2020-5244

HIGH8.0EPSS 1.1%

Private data exposure via REST API in BuddyPress

發布日:2020/2/24修改日:2026/3/13

描述

In BuddyPress before 5.1.2, requests to a certain REST API endpoint can result in private user data getting exposed. Authentication is not needed. This has been patched in version 5.1.2.

受影響套件(1)

Packagist/buddypress/buddypressfrom 0, < 5.1.2

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	HIGH8.0	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N

參考連結(4)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2020-5244
WEBhttps://buddypress.org/2020/01/buddypress-5-1-2
WEBhttps://github.com/buddypress/BuddyPress/commit/39294680369a0c992290577a9d740f4a2f2c2ca3
WEBhttps://github.com/buddypress/BuddyPress/security/advisories/GHSA-3j78-7m59-r7gv