Vulnerabilities > CVE-2020-3996 - Unspecified vulnerability in VMWare Velero

CVSS 2.1 - LOW

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

local

low complexity

vmware

NVD

Published: 2020-10-22

Updated: 2020-10-30

Summary

Velero (prior to 1.4.3 and 1.5.2) in some instances doesn’t properly manage volume identifiers which may result in information leakage to unauthorized users.

Vulnerable Configurations

Part	Description	Count
Application	Vmware Vmware Velero *	1

References

https://github.com/vmware-tanzu/velero/security/advisories/GHSA-72xg-3mcq-52v4