High severity · NVD Advisory · Published Feb 24, 2020 · Updated Aug 4, 2024
Private data exposure via REST API in BuddyPress
CVE-2020-5244
Description
In BuddyPress before 5.1.2, requests to a certain REST API endpoint can result in private user data getting exposed. Authentication is not needed. This has been patched in version 5.1.2.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| buddypress/buddypress (Packagist) | < 5.1.2 | 5.1.2 |
Affected products
- Range: < 5.1.2
References
- github.com/advisories/GHSA-3j78-7m59-r7gv (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2020-5244 (ghsa, ADVISORY)
- buddypress.org/2020/01/buddypress-5-1-2 (ghsa, WEB)
- buddypress.org/2020/01/buddypress-5-1-2/ (mitre, x_refsource_MISC)
- github.com/buddypress/BuddyPress/commit/39294680369a0c992290577a9d740f4a2f2c2ca3 (ghsa, x_refsource_MISC, WEB)
- github.com/buddypress/BuddyPress/security/advisories/GHSA-3j78-7m59-r7gv (ghsa, x_refsource_CONFIRM, WEB)