CVE-2020-7653

medium

Description

All versions of snyk-broker before 4.80.0 are vulnerable to Arbitrary File Read. It allows arbitrary file reads for users with access to Snyk's internal network by creating symlinks to match whitelisted paths.

References

https://updates.snyk.io/snyk-broker-security-fixes-152338

https://snyk.io/vuln/SNYK-JS-SNYKBROKER-570612

Details

Source: Mitre, NVD

Published: 2020-05-29

Updated: 2026-06-17

Risk Information

CVSS v2

Base Score: 4

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 6.5

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N