CVE-2020-16156

Опубликовано: 13 дек. 2021

Источник: nvd

CVSS3: 7.8

CVSS2: 6.8

EPSS Низкий

Описание

CPAN 2.28 allows Signature Verification Bypass.

Ссылки

http://blogs.perl.org/users/neilb/2021/11/addressing-cpan-vulnerabilities-related-to-checksums.html
Exploit
Third Party Advisory
https://blog.hackeriet.no/cpan-signature-verification-vulnerabilities/
Exploit
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SD6RYOJII7HRJ6WVORFNVTYNOFY5JDXN/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SZ32AJIV4RHJMLWLU5QULGKMMIHYOMDC/
https://metacpan.org/pod/distribution/CPAN/scripts/cpan
Product
Third Party Advisory
http://blogs.perl.org/users/neilb/2021/11/addressing-cpan-vulnerabilities-related-to-checksums.html
Exploit
Third Party Advisory
https://blog.hackeriet.no/cpan-signature-verification-vulnerabilities/
Exploit
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SD6RYOJII7HRJ6WVORFNVTYNOFY5JDXN/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SZ32AJIV4RHJMLWLU5QULGKMMIHYOMDC/
https://metacpan.org/pod/distribution/CPAN/scripts/cpan
Product
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:perl:comprehensive_perl_archive_network:2.28:-:*:*:*:perl:*:*

cpe:2.3:a:perl:comprehensive_perl_archive_network:2.28:trial:*:*:*:perl:*:*

Конфигурация 2

Одно из

cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*

cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*

EPSS

Процентиль: 4%

0.00021

Низкий

7.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-347

Связанные уязвимости

CVE-2020-16156

CVSS3: 7.8

ubuntu

больше 3 лет назад

CPAN 2.28 allows Signature Verification Bypass.

CVE-2020-16156

CVSS3: 7.8

redhat

больше 3 лет назад

CPAN 2.28 allows Signature Verification Bypass.

CVE-2020-16156

CVSS3: 7.8

debian

больше 3 лет назад

CPAN 2.28 allows Signature Verification Bypass.

GHSA-mx9v-6qg3-92rp

CVSS3: 7.8

github

больше 3 лет назад

CPAN 2.28 allows Signature Verification Bypass.

ELSA-2025-8432

oracle-oval

16 дней назад

ELSA-2025-8432: perl-CPAN security update (MODERATE)

EPSS

Процентиль: 4%

0.00021

Низкий

7.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-347