CVE-2020-27358

Published: 02/11/2020 Updated: 01/07/2021
CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8
CVSS v3 Base Score: 4.3 | Impact Score: 1.4 | Exploitability Score: 2.8
VMScore: 356
Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N

Vulnerability Summary

An issue exists in REDCap 8.11.6 up to and including 9.x prior to 10. The messenger's CSV feature (that allows users to export their conversation threads as CSV) allows non-privileged users to export one another's conversation threads by changing the thread_id parameter in the request to the endpoint Messenger/messenger_download_csv.php?title=Hey&thread_id={THREAD_ID}.
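One way to look for this pattern in web server access logs, as an added example that is not REDCap or advisory code: it counts how many distinct thread_id values each client successfully exported from the endpoint named above. The combined log format, identifying a client by IP and logged user, the threshold of three threads, and the sample log lines are all assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

ENDPOINT = "Messenger/messenger_download_csv.php"  # endpoint named in the summary

# Assumption: Apache/nginx "combined" access log layout.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def distinct_threads_by_client(lines):
    """Map (ip, user) -> set of thread_id values exported with HTTP 200."""
    seen = defaultdict(set)
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["status"] != "200":
            continue  # unparsable line or export that did not succeed
        url = urlsplit(m["target"])
        if not url.path.endswith(ENDPOINT):
            continue  # some other page
        for tid in parse_qs(url.query).get("thread_id", []):
            seen[(m["ip"], m["user"])].add(tid)
    return seen

def flag_enumeration(lines, max_threads=3):
    """Clients that exported more distinct threads than max_threads (assumed threshold)."""
    return {
        client: sorted(tids)
        for client, tids in distinct_threads_by_client(lines).items()
        if len(tids) > max_threads
    }

# Constructed sample: one client walks thread_id 101..105, another re-exports its own threads.
SAMPLE_LOG = [
    f'203.0.113.7 - - [02/Nov/2020:10:00:0{i} +0000] '
    f'"GET /redcap/{ENDPOINT}?title=Hey&thread_id={100 + i} HTTP/1.1" 200 512'
    for i in range(1, 6)
] + [
    f'198.51.100.20 - - [02/Nov/2020:10:05:00 +0000] '
    f'"GET /redcap/{ENDPOINT}?title=Hey&thread_id={tid} HTTP/1.1" {status} 512'
    for tid, status in [(42, 200), (42, 200), (43, 200), (44, 403)]
] + ['198.51.100.20 - - [02/Nov/2020:10:06:00 +0000] "GET /redcap/index.php HTTP/1.1" 200 900']

if __name__ == "__main__":
    for client, tids in flag_enumeration(SAMPLE_LOG).items():
        print(client, "exported threads", tids)
```

Where the application's own audit log records the authenticated username and thread membership, comparing each exported thread_id against the threads that user actually belongs to gives a more precise signal than a count threshold.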

Vulnerable Product

vanderbilt redcap

Github Repositories

CVE-2020-27358 and CVE-2020-27359

CVE-2020-27358 / CVE-2020-27359. Exploitation steps for CVE-2020-27358 and CVE-2020-27359. CVE-2020-27358: An issue was discovered in REDCap 8.11.6 through 9.x before 10. The messenger's CSV feature (that allows users to export their conversation threads as CSV) allows non-privileged users to export one another's conversation threads by changing the thread_id parameter i