Описание
The Uniffle HTTP client is configured to trust all SSL certificates and
disables hostname verification by default. This insecure configuration exposes all REST API communication between the Uniffle CLI/client and the Uniffle Coordinator service to potential Man-in-the-Middle (MITM) attacks.
This issue affects all versions from before 0.10.0.
Users are recommended to upgrade to version 0.10.0, which fixes the issue.
Ссылки
- Mailing ListVendor AdvisoryIssue Tracking
- Mailing ListThird Party Advisory
Уязвимые конфигурации
EPSS
9.1 Critical
CVSS3
Дефекты
Связанные уязвимости
The Uniffle HTTP client is configured to trust all SSL certificates and disables hostname verification by default. This insecure configuration exposes all REST API communication between the Uniffle CLI/client and the Uniffle Coordinator service to potential Man-in-the-Middle (MITM) attacks. This issue affects all versions from before 0.10.0. Users are recommended to upgrade to version 0.10.0, which fixes the issue.
EPSS
9.1 Critical
CVSS3