CVE-2020-16263

CVE-2020-16263

EPSS 1.2%

Winston 1.5.4 devices have a CORS configuration that trusts arbitrary origins. This allows requests to be made and viewed by arbitrary origins.

Affected products

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://labs.bishopfox.com/advisories/winston-privacy-version-1.5.4 https://winstonprivacy.com/