CVE-2020-4050
Published: 12 June 2020
In affected versions of WordPress, misuse of the `set-screen-option` filter's return value allows arbitrary user meta fields to be saved. It does require an admin to install a plugin that would misuse the filter. Once installed, it can be leveraged by low privileged users. This has been patched in version 5.4.2, along with all the previously affected versions via a minor release (5.3.4, 5.2.7, 5.1.6, 5.0.10, 4.9.15, 4.8.14, 4.7.18, 4.6.19, 4.5.22, 4.4.23, 4.3.24, 4.2.28, 4.1.31, 4.0.31, 3.9.32, 3.8.34, 3.7.34).
Priority
Status
Package | Release | Status |
---|---|---|
wordpress Launchpad, Ubuntu, Debian |
kinetic |
Ignored
(end of life, was needs-triage)
|
hirsute |
Ignored
(end of life)
|
|
xenial |
Needs triage
|
|
jammy |
Needs triage
|
|
bionic |
Needs triage
|
|
eoan |
Ignored
(end of life)
|
|
focal |
Needs triage
|
|
groovy |
Ignored
(end of life)
|
|
impish |
Ignored
(end of life)
|
|
lunar |
Not vulnerable
(6.0+dfsg1-1ubuntu1)
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.4.2+dfsg1-1)
|
|
mantic |
Not vulnerable
(6.0+dfsg1-1ubuntu1)
|
Severity score breakdown
Parameter | Value |
---|---|
Base score | 3.1 |
Attack vector | Network |
Attack complexity | High |
Privileges required | Low |
User interaction | None |
Scope | Unchanged |
Confidentiality | None |
Integrity impact | Low |
Availability impact | None |
Vector | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N |
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-4050
- https://core.trac.wordpress.org/changeset/47951
- https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-4vpv-fgg2-gcqc
- https://github.com/WordPress/wordpress-develop/commit/b8dea76b495f0072523106c6ec46b9ea0d2a0920
- https://wordpress.org/news/2020/06/wordpress-5-4-2-security-and-maintenance-release/
- NVD
- Launchpad
- Debian