Description
In verifyHostName of OkHostnameVerifier.java, there is a possible way to accept a certificate for the wrong domain due to improperly used crypto. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.1 Android-9 Android-10 Android-11. Android ID: A-171980069
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Logging Subsystem for Red Hat OpenShift | openshift-logging/elasticsearch6-rhel8 | Not affected | ||
| Red Hat AMQ Broker 7 | okhttp | Not affected | ||
| Red Hat build of Apicurio Registry 2 | okhttp | Not affected | ||
| Red Hat build of Quarkus | okhttp | Not affected | ||
| Red Hat Decision Manager 7 | okhttp | Out of support scope | ||
| Red Hat Enterprise Linux 8 | log4j:2/log4j | Not affected | ||
| Red Hat Enterprise Linux 9 | log4j | Not affected | ||
| Red Hat Fuse 7 | okhttp | Out of support scope | ||
| Red Hat Integration Camel K 1 | okhttp | Will not fix | ||
| Red Hat Integration Camel Quarkus 1 | okhttp | Affected | ||
Additional information
Status:
EPSS:
CVSS3: 7.5 High
Related vulnerabilities
In verifyHostName of OkHostnameVerifier.java, there is a possible way to accept a certificate for the wrong domain due to improperly used crypto. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.1 Android-9 Android-10 Android-11. Android ID: A-171980069
Vulnerability in the Centralized Thirdparty Jars (OkHttp) component of the Oracle Access Manager access management tool that allows an attacker to disclose protected information
EPSS:
CVSS3: 7.5 High