GHSA-w6xv-mf6f-r5f6

Опубликовано: 24 мая 2022

Источник: github

Github: Прошло ревью

CVSS3: 9.8

Описание

Scalyr Agent Missing SSL Certificate Validation

The Scalyr Agent before 2.1.10 has Missing SSL Certificate Validation because, in some circumstances, the openssl binary is called without the -verify_hostname option.

Ссылки

https://nvd.nist.gov/vuln/detail/CVE-2020-24714
https://github.com/scalyr/scalyr-agent-2/commit/96d5f5bec734c7a0e7c64654cdb7aacc81fdc867
https://github.com/pypa/advisory-database/tree/main/vulns/scalyr-agent-2/PYSEC-2020-251.yaml
https://github.com/scalyr/scalyr-agent-2/blob/96d5f5bec734c7a0e7c64654cdb7aacc81fdc867/CHANGELOG.md
https://scalyr-static.s3.amazonaws.com/technical-details/index.html

Пакеты

Наименование

scalyr-agent-2

pip

Затронутые версииВерсия исправления

< 2.1.10

2.1.10

EPSS

Процентиль: 45%

0.00222

Низкий

9.8 Critical

CVSS3

CVE ID

CVE-2020-24714

Дефекты

CWE-295

Связанные уязвимости

CVE-2020-24714

CVSS3: 9.8

nvd

больше 5 лет назад

The Scalyr Agent before 2.1.10 has Missing SSL Certificate Validation because, in some circumstances, the openssl binary is called without the -verify_hostname option.

EPSS

Процентиль: 45%

0.00222

Низкий

9.8 Critical

CVSS3

CVE ID

CVE-2020-24714

Дефекты

CWE-295