Описание
Cyberduck and Mountain Duck improperly handle TLS certificate pinning for untrusted certificates (e.g., self-signed), unnecessarily installing it to the Windows Certificate Store of the current user without any restrictions.
This issue affects Cyberduck through 9.1.6 and Mountain Duck through 4.17.5.
Ссылки
EPSS
Процентиль: 5%
0.00022
Низкий
8 High
CVSS3
Дефекты
CWE-266
Связанные уязвимости
CVSS3: 8
github
8 месяцев назад
Cyberduck and Mountain Duck improperly handle TLS certificate pinning for untrusted certificates (e.g., self-signed), unnecessarily installing it to the Windows Certificate Store of the current user without any restrictions. This issue affects Cyberduck through 9.1.6 and Mountain Duck through 4.17.5.
EPSS
Процентиль: 5%
0.00022
Низкий
8 High
CVSS3
Дефекты
CWE-266