CVE-2020-10871

medium

Description

In OpenWrt LuCI git-20.x, remote unauthenticated attackers can retrieve the list of installed packages and services. NOTE: the vendor disputes the significance of this report because, for instances reachable by an unauthenticated actor, the same information is available in other (more complex) ways, and there is no plan to restrict the information further.

References

https://github.com/openwrt/luci/issues/3766

https://github.com/openwrt/luci/issues/3653#issue-567892007

https://github.com/openwrt/luci/issues/3563#issuecomment-578522860

Details

Source: Mitre, NVD

Published: 2020-03-23

Updated: 2026-06-17

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 5.3

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Severity: Medium

EPSS

EPSS: 0.00503