Описание
The Net::LDAP (aka net-ldap) gem before 0.16.0 for Ruby has Missing SSL Certificate Validation.
Отчет
This issue affects the versions of rubygem-net-ldap as shipped with Red Hat Subscription Asset Manager 1 and Satellite version 6. Red Hat Product Security has rated this issue as having Moderate security impact. No update is planned at this time however a future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Ceph Storage 1.3 | ruby193-rubygem-net-ldap | Will not fix | ||
| Red Hat Subscription Asset Manager | ruby193-rubygem-net-ldap | Will not fix | ||
| Red Hat Satellite 6.7 for RHEL 7 | ansiblerole-foreman_scap_client | Fixed | RHSA-2020:1454 | 14.04.2020 |
| Red Hat Satellite 6.7 for RHEL 7 | ansiblerole-insights-client | Fixed | RHSA-2020:1454 | 14.04.2020 |
| Red Hat Satellite 6.7 for RHEL 7 | ansiblerole-satellite-receptor-installer | Fixed | RHSA-2020:1454 | 14.04.2020 |
| Red Hat Satellite 6.7 for RHEL 7 | ansible-runner | Fixed | RHSA-2020:1454 | 14.04.2020 |
| Red Hat Satellite 6.7 for RHEL 7 | candlepin | Fixed | RHSA-2020:1454 | 14.04.2020 |
| Red Hat Satellite 6.7 for RHEL 7 | createrepo_c | Fixed | RHSA-2020:1454 | 14.04.2020 |
| Red Hat Satellite 6.7 for RHEL 7 | foreman | Fixed | RHSA-2020:1454 | 14.04.2020 |
| Red Hat Satellite 6.7 for RHEL 7 | foreman-bootloaders-redhat | Fixed | RHSA-2020:1454 | 14.04.2020 |
Показывать по
Дополнительная информация
Статус:
EPSS
4.8 Medium
CVSS3
Связанные уязвимости
The Net::LDAP (aka net-ldap) gem before 0.16.0 for Ruby has Missing SSL Certificate Validation.
The Net::LDAP (aka net-ldap) gem before 0.16.0 for Ruby has Missing SSL Certificate Validation.
The Net::LDAP (aka net-ldap) gem before 0.16.0 for Ruby has Missing SS ...
net-ldap Improper Certificate Validation vulnerability
EPSS
4.8 Medium
CVSS3