Описание
Transifex command-line client before 0.9 does not validate X.509 certificates, which allows man-in-the-middle attackers to spoof a Transifex server via an arbitrary certificate.
Ссылки
- Patch
- Patch
- Patch
- Patch
Уязвимые конфигурации
Конфигурация 1Версия до 0.8 (включая)
Одно из
cpe:2.3:a:transifex:transifex:*:*:*:*:*:*:*:*
cpe:2.3:a:transifex:transifex:0.1:*:*:*:*:*:*:*
cpe:2.3:a:transifex:transifex:0.2:*:*:*:*:*:*:*
cpe:2.3:a:transifex:transifex:0.3:*:*:*:*:*:*:*
cpe:2.3:a:transifex:transifex:0.4:*:*:*:*:*:*:*
cpe:2.3:a:transifex:transifex:0.5:*:*:*:*:*:*:*
cpe:2.3:a:transifex:transifex:0.6:*:*:*:*:*:*:*
cpe:2.3:a:transifex:transifex:0.7:*:*:*:*:*:*:*
EPSS
Процентиль: 36%
0.00152
Низкий
4.3 Medium
CVSS2
Дефекты
CWE-20
Связанные уязвимости
ubuntu
почти 12 лет назад
Transifex command-line client before 0.9 does not validate X.509 certificates, which allows man-in-the-middle attackers to spoof a Transifex server via an arbitrary certificate.
debian
почти 12 лет назад
Transifex command-line client before 0.9 does not validate X.509 certi ...
github
больше 3 лет назад
Transifex command-line client before 0.9 does not validate X.509 certificates, which allows man-in-the-middle attackers to spoof a Transifex server via an arbitrary certificate.
EPSS
Процентиль: 36%
0.00152
Низкий
4.3 Medium
CVSS2
Дефекты
CWE-20