exploitDog

GHSA-7m8h-2ghm-554f

Опубликовано: 24 мая 2022

Источник: github

Github: Не прошло ревью

Описание

In mainwindow.cpp in Shotcut before 20.09.13, the upgrade check misuses TLS because of setPeerVerifyMode(QSslSocket::VerifyNone). A man-in-the-middle attacker could offer a spoofed download resource.

In mainwindow.cpp in Shotcut before 20.09.13, the upgrade check misuses TLS because of setPeerVerifyMode(QSslSocket::VerifyNone). A man-in-the-middle attacker could offer a spoofed download resource.

Ссылки

EPSS

Процентиль: 41%

0.00195

Низкий

CVE ID

Дефекты

CWE-327

Связанные уязвимости

CVE-2020-24619

CVSS3: 5.9

ubuntu

больше 5 лет назад

In mainwindow.cpp in Shotcut before 20.09.13, the upgrade check misuses TLS because of setPeerVerifyMode(QSslSocket::VerifyNone). A man-in-the-middle attacker could offer a spoofed download resource.

CVE-2020-24619

CVSS3: 5.9

nvd

больше 5 лет назад

In mainwindow.cpp in Shotcut before 20.09.13, the upgrade check misuses TLS because of setPeerVerifyMode(QSslSocket::VerifyNone). A man-in-the-middle attacker could offer a spoofed download resource.

EPSS

Процентиль: 41%

0.00195

Низкий

CVE ID

Дефекты

CWE-327