CVE-2020-25073
PUBLISHED
FreedomBox through 20.13 allows remote attackers to obtain sensitive information from the /server-status page of the Apache HTTP Server, because a connection from the Tor onion service (or from PageKite) is considered a local connection. This affects both the freedombox and plinth packages of some Linux distributions, but only if the Apache mod_status module is enabled.
Risk Scores
EPSS Score: 0.66% (71.6th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:18.04:LTS | plinth | 0, 0.22.0, 0.24.0 |
| Ubuntu:16.04:LTS | plinth | 0, 0.4.4-1, 0.6-1 |
| Ubuntu:20.04:LTS | plinth | 0, 19.14, 19.19 |
Timeline
- Sep 2, 2020 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 1, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
References
- https://ubuntu.com/security/CVE-2020-25073 third-party-advisory
- https://salsa.debian.org/freedombox-team/freedombox/-/issues/1935 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2020-25073 third-party-advisory