CVE-2020-24715

Опубликовано: 27 авг. 2020

Источник: nvd

CVSS3: 9.8

CVSS2: 6.8

EPSS Низкий

Описание

The Scalyr Agent before 2.1.10 has Missing SSL Certificate Validation because, in some circumstances, native Python code is used that lacks a comparison of the hostname to commonName and subjectAltName.

Ссылки

https://scalyr-static.s3.amazonaws.com/technical-details/index.html
Exploit
Third Party Advisory
https://scalyr-static.s3.amazonaws.com/technical-details/index.html
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:scalyr:scalyr_agent:*:*:*:*:*:*:*:*

Версия до 2.1.10 (исключая)

EPSS

Процентиль: 42%

0.00203

Низкий

9.8 Critical

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-295

Связанные уязвимости

GHSA-738x-v49g-p6hx