CVE-2020-15391

Improper Authentication in npm/devspace

Identifiers

CVE-2020-15391

Package Slug

npm/devspace

Vulnerability

Improper Authentication

Description

The UI in DevSpace allows web-sites to execute actions on pods (on behalf of a victim) because of a lack of authentication for the WebSocket protocol. This leads to remote code execution.

Affected Versions

All versions before 4.14.0

Solution

Upgrade to version 4.14.0 or above.

Last Modified

2020-07-29

source