Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2020-14387

Опубликовано: 27 мая 2021
Источник: nvd
CVSS3: 7.4
CVSS2: 5.8
EPSS Низкий

Описание

A flaw was found in rsync in versions since 3.2.0pre1. Rsync improperly validates certificate with host mismatch vulnerability. A remote, unauthenticated attacker could exploit the flaw by performing a man-in-the-middle attack using a valid certificate for another hostname which could compromise confidentiality and integrity of data transmitted using rsync-ssl. The highest threat from this vulnerability is to data confidentiality and integrity. This flaw affects rsync versions before 3.2.4.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:samba:rsync:*:*:*:*:*:*:*:*
Версия от 3.2.1 (включая) до 3.2.4 (исключая)
cpe:2.3:a:samba:rsync:3.2.0:-:*:*:*:*:*:*
cpe:2.3:a:samba:rsync:3.2.0:pre1:*:*:*:*:*:*
cpe:2.3:a:samba:rsync:3.2.0:pre2:*:*:*:*:*:*
cpe:2.3:a:samba:rsync:3.2.0:pre3:*:*:*:*:*:*

EPSS

Процентиль: 35%
0.00142
Низкий

7.4 High

CVSS3

5.8 Medium

CVSS2

Дефекты

CWE-297

Связанные уязвимости

ubuntu логотип

CVE-2020-14387

CVSS3: 7.4
ubuntu
больше 4 лет назад

A flaw was found in rsync in versions since 3.2.0pre1. Rsync improperly validates certificate with host mismatch vulnerability. A remote, unauthenticated attacker could exploit the flaw by performing a man-in-the-middle attack using a valid certificate for another hostname which could compromise confidentiality and integrity of data transmitted using rsync-ssl. The highest threat from this vulnerability is to data confidentiality and integrity. This flaw affects rsync versions before 3.2.4.

redhat логотип

CVE-2020-14387

CVSS3: 9.1
redhat
больше 5 лет назад

A flaw was found in rsync in versions since 3.2.0pre1. Rsync improperly validates certificate with host mismatch vulnerability. A remote, unauthenticated attacker could exploit the flaw by performing a man-in-the-middle attack using a valid certificate for another hostname which could compromise confidentiality and integrity of data transmitted using rsync-ssl. The highest threat from this vulnerability is to data confidentiality and integrity. This flaw affects rsync versions before 3.2.4.

msrc логотип

CVE-2020-14387

CVSS3: 7.4
msrc
около 4 лет назад

Описание отсутствует

debian логотип

CVE-2020-14387

CVSS3: 7.4
debian
больше 4 лет назад

A flaw was found in rsync in versions since 3.2.0pre1. Rsync improperl ...

github логотип

GHSA-5gm2-c485-9q6q

github
больше 3 лет назад

A flaw was found in rsync in versions since 3.2.0pre1. Rsync improperly validates certificate with host mismatch vulnerability. A remote, unauthenticated attacker could exploit the flaw by performing a man-in-the-middle attack using a valid certificate for another hostname which could compromise confidentiality and integrity of data transmitted using rsync-ssl. The highest threat from this vulnerability is to data confidentiality and integrity. This flaw affects rsync versions before 3.2.4.

EPSS

Процентиль: 35%
0.00142
Низкий

7.4 High

CVSS3

5.8 Medium

CVSS2

Дефекты

CWE-297