Description
Transifex command-line client before 0.10 does not validate X.509 certificates for data transfer connections, which allows man-in-the-middle attackers to spoof a Transifex server via an arbitrary certificate. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-2073.
Packages
| Package | Status | Fixed version | Release | Type |
|---|---|---|---|---|
| transifex-client | fixed | 0.10-1 | | package |
| transifex-client | not-affected | | wheezy | package |
Notes
The fix for CVE-2013-2073 was incorrect/incomplete.
https://github.com/transifex/transifex-client/issues/42
https://github.com/transifex/transifex-client/commit/6d69d61
Related vulnerabilities
Transifex command-line client has improper certificate validation