What is CVE-2020-26253?

CVE-2020-26253 is a medium-severity vulnerability in Getkirby Kirby, classified under Origin Validation Error. CVSS score: 6.8/10. Published 2020-12-08.

How severe is CVE-2020-26253?

Medium severity. CVSS v3 base score is 6.8 out of 10.

Vulnerability in Getkirby Kirby

CVE-2020-26253

Kirby is a CMS. In Kirby CMS (getkirby/cms) before version 3.3.6, and Kirby Panel before version 2.5.14 there is a vulnerability in which the admin panel may be accessed if hosted on a .dev domain. In order to protect new installations on…

EPSS: 0.002 (36.8th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.8 (Medium). Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N.

Affected products

Getkirby Kirby — versions < 3.3.6

Weakness classification (CWE)

CWE-346 — Origin Validation Error

References

github.com/getkirby/kirby/security/advisories/GHSA-2ccx-2gf3-8xvv (x_refsource_CONFIRM)
github.com/getkirby-v2/panel/commit/7f9ac1876bacb89fd8f142f5e561a02ebb725baa (x_refsource_MISC)
github.com/getkirby/kirby/releases/tag/3.3.6 (x_refsource_MISC)
packagist.org/packages/getkirby/cms (x_refsource_MISC)
packagist.org/packages/getkirby/panel (x_refsource_MISC)

Frequently asked questions

What is CVE-2020-26253?: CVE-2020-26253 is a medium-severity vulnerability in Getkirby Kirby, classified under Origin Validation Error. CVSS score: 6.8/10. Published 2020-12-08.
How severe is CVE-2020-26253?: Medium severity. CVSS v3 base score is 6.8 out of 10.