Vulnerability Change Records for CVE-2020-15118

Change History

Initial Analysis 7/28/2020 8:29:45 AM

Action Type Old Value New Value
Added CPE Configuration

								
							
							
						
OR
     *cpe:2.3:a:torchbox:wagtail:*:*:*:*:*:*:*:* versions from (including) 2.7 up to (excluding) 2.7.4
     *cpe:2.3:a:torchbox:wagtail:*:*:*:*:*:*:*:* versions from (including) 2.9 up to (excluding) 2.9.3
Added CVSS V2

								
							
							
						
NIST (AV:N/AC:M/Au:S/C:N/I:P/A:N)
Added CVSS V2 Metadata

								
							
							
						
Victim must voluntarily interact with attack mechanism
Added CVSS V3.1

								
							
							
						
NIST AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Added CWE

								
							
							
						
NIST CWE-79
Changed Reference Type
https://docs.djangoproject.com/en/3.0/ref/models/fields/#django.db.models.Field.help_text No Types Assigned
https://docs.djangoproject.com/en/3.0/ref/models/fields/#django.db.models.Field.help_text Third Party Advisory
Changed Reference Type
https://docs.wagtail.io/en/stable/reference/contrib/forms/index.html#usage No Types Assigned
https://docs.wagtail.io/en/stable/reference/contrib/forms/index.html#usage Vendor Advisory
Changed Reference Type
https://github.com/wagtail/wagtail/blob/master/docs/releases/2.9.3.rst No Types Assigned
https://github.com/wagtail/wagtail/blob/master/docs/releases/2.9.3.rst Release Notes, Third Party Advisory
Changed Reference Type
https://github.com/wagtail/wagtail/commit/d9a41e7f24d08c024acc9a3094940199df94db34 No Types Assigned
https://github.com/wagtail/wagtail/commit/d9a41e7f24d08c024acc9a3094940199df94db34 Patch, Third Party Advisory
Changed Reference Type
https://github.com/wagtail/wagtail/security/advisories/GHSA-2473-9hgq-j7xw No Types Assigned
https://github.com/wagtail/wagtail/security/advisories/GHSA-2473-9hgq-j7xw Third Party Advisory