Vulnerabilities > CVE-2020-11872 - Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Bluetrace Opentrace 1.0

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

network

low complexity

bluetrace

CWE-915

NVD

Published: 2020-04-17

Updated: 2021-07-21

Summary

The Cloud Functions subsystem in OpenTrace 1.0 might allow fabrication attacks by making billions of TempID requests before an AES-256-GCM key rotation occurs.

Vulnerable Configurations

Part	Description	Count
Application	Bluetrace Bluetrace Opentrace 1.0	1

Common Weakness Enumeration (CWE)

CWE-915 - Improperly Controlled Modification of Dynamically-Determined Object Attributes

References

https://github.com/opentrace-community/opentrace-cloud-functions/issues/7