CVE-2020-24703

Source
https://cve.org/CVERecord?id=CVE-2020-24703
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-24703.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2020-24703
Published
2020-08-27T16:15:11.583Z
Modified
2026-04-10T04:18:57.230277Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
[none]
Details

An issue was discovered in certain WSO2 products. A valid Carbon Management Console session cookie may be sent to an attacker-controlled server if the victim submits a crafted Try It request, aka Session Hijacking. This affects API Manager 2.2.0, API Manager Analytics 2.2.0, API Microgateway 2.2.0, Data Analytics Server 3.2.0, Enterprise Integrator through 6.6.0, IS as Key Manager 5.5.0, Identity Server 5.5.0 and 5.8.0, Identity Server Analytics 5.5.0, and IoT Server 3.3.0 and 3.3.1.

References

Affected packages

Git / github.com/wso2-attic/analytics-is

Affected ranges

Type
GIT
Repo
https://github.com/wso2-attic/analytics-is
Events
Introduced: 0 (unknown introduced commit; all previous commits are affected) / Last affected: 5.5.0
Introduced: 0 (unknown introduced commit; all previous commits are affected) / Last affected: 5.8.0
Introduced: 0 (unknown introduced commit; all previous commits are affected) / Last affected: 5.5.0
Introduced: 0 (unknown introduced commit; all previous commits are affected) / Last affected: 5.5.0
Database specific
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "5.5.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "5.8.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "5.5.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "5.5.0"
        }
    ]
}
Type
GIT
Repo
https://github.com/wso2/product-apim
Events
Introduced: 0 (unknown introduced commit; all previous commits are affected) / Last affected: 2.2.0
Introduced: 0 (unknown introduced commit; all previous commits are affected) / Last affected: 2.2.0
Introduced: 0 (unknown introduced commit; all previous commits are affected) / Last affected: 2.2.0
Introduced: 0 (unknown introduced commit; all previous commits are affected) / Last affected: 3.2.0
Database specific
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.2.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.2.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.2.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.2.0"
        }
    ]
}

Affected versions

test-tag-1.*
test-tag-1.9.0-Alpha
v1.*
v1.9.0
v1.9.0-Alpha
v1.9.0-Beta
v1.9.0-Beta-2
v1.9.0-Beta-3
v1.9.0-M2
v2.*
v2.0.0-ALPHA
v2.0.0-M4
v2.1.0-alpha
v2.1.0-update1
v2.1.0-update10
v2.1.0-update11
v2.1.0-update12
v2.1.0-update13
v2.1.0-update14
v2.1.0-update2
v2.1.0-update3
v2.1.0-update5
v2.1.0-update7
v2.1.0-update8
v2.1.0-update9
v2.2.0
v2.2.0-update1
v2.2.0-update2
v2.2.0-update3
v2.2.0-update4
v2.2.0-update5
v2.2.0-update6
v2.2.0-update7
v2.5.0
v2.5.0-Alpha
v2.5.0-Beta
v2.5.0-rc1
v2.5.0-rc2
v2.5.0-rc3
v2.5.0-rc4
v2.6.0
v2.6.0-alpha
v2.6.0-alpha2
v2.6.0-beta
v2.6.0-beta2
v2.6.0-m1
v2.6.0-m2
v2.6.0-rc1
v2.6.0-rc2
v2.6.0-rc3
v3.*
v3.0.0
v3.0.0-alpha
v3.0.0-alpha2
v3.0.0-beta
v3.0.0-m32
v3.0.0-m33
v3.0.0-m34
v3.0.0-m35
v3.0.0-rc1
v3.0.0-rc2
v3.0.0-rc3
v3.1.0
v3.1.0-alpha
v3.1.0-beta
v3.1.0-m1
v3.1.0-m2
v3.1.0-m3
v3.1.0-m4
v3.1.0-m5
v3.1.0-rc1
v3.1.0-rc2
v3.1.0-rc3
v3.2.0
v3.2.0-alpha
v3.2.0-beta
v3.2.0-m1
v3.2.0-rc1
v3.2.0-rc2
v3.2.0-rc3
v3.2.0-rc4
v3.2.0-rc5
v3.2.0-rc6
v5.*
v5.2.0-beta2
v5.2.0-latest
v5.3.0-alpha2
v5.4.0-beta
v5.4.0-update1
v5.4.0-update4
v5.4.1
v5.5.0
v5.5.0-alpha
v5.5.0-alpha2
v5.5.0-alpha3
v5.5.0-beta
v5.5.0-rc1
v5.5.0-rc2
v5.6.0
v5.6.0-rc1
v5.6.0-rc2
v5.6.0-rc3
v5.7.0
v5.7.0-alpha
v5.7.0-alpha2
v5.7.0-alpha3
v5.7.0-beta
v5.7.0-beta2
v5.7.0-beta3
v5.7.0-beta4
v5.7.0-beta5
v5.7.0-m3
v5.7.0-m4
v5.7.0-m5
v5.7.0-rc1
v5.7.0-rc2
v5.7.0-rc3
v5.8.0
v5.8.0-alpha
v5.8.0-alpha2
v5.8.0-alpha3
v5.8.0-alpha4
v5.8.0-alpha5
v5.8.0-alpha6
v5.8.0-beta
v5.8.0-beta2
v5.8.0-beta3
v5.8.0-beta4
v5.8.0-beta5
v5.8.0-m1
v5.8.0-m10
v5.8.0-m11
v5.8.0-m12
v5.8.0-m13
v5.8.0-m14
v5.8.0-m15
v5.8.0-m16
v5.8.0-m17
v5.8.0-m18
v5.8.0-m19
v5.8.0-m2
v5.8.0-m20
v5.8.0-m21
v5.8.0-m22
v5.8.0-m24
v5.8.0-m25
v5.8.0-m26
v5.8.0-m3
v5.8.0-m4
v5.8.0-m5
v5.8.0-m6
v5.8.0-m7
v5.8.0-m8
v5.8.0-m9
v5.8.0-rc1
v5.8.0-rc2
v5.8.0-rc3

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-24703.json"
unresolved_ranges
[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "6.6.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "3.3.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "3.3.1"
            }
        ]
    }
]