Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2020-15720

Опубликовано: 14 июл. 2020
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS2: 4
CVSS3: 6.8

Описание

In Dogtag PKI through 10.8.3, the pki.client.PKIConnection class did not enable python-requests certificate validation. Since the verify parameter was hard-coded in all request functions, it was not possible to override the setting. As a result, tools making use of this class, such as the pki-server command, may have been vulnerable to Person-in-the-Middle attacks in certain non-localhost use cases. This is fixed in 10.9.0-b1.

РелизСтатусПримечание
bionic

ignored

end of standard support, was needed
devel

DNE

eoan

ignored

end of life
esm-apps/bionic

ignored

regressions likely
esm-apps/focal

not-affected

esm-apps/jammy

not-affected

esm-apps/xenial

ignored

regressions likely
esm-infra-legacy/trusty

DNE

focal

not-affected

groovy

not-affected

Показывать по

Ссылки на источники

EPSS

Процентиль: 41%
0.00186
Низкий

4 Medium

CVSS2

6.8 Medium

CVSS3

Связанные уязвимости

redhat логотип

CVE-2020-15720

CVSS3: 6.8
redhat
больше 5 лет назад

In Dogtag PKI through 10.8.3, the pki.client.PKIConnection class did not enable python-requests certificate validation. Since the verify parameter was hard-coded in all request functions, it was not possible to override the setting. As a result, tools making use of this class, such as the pki-server command, may have been vulnerable to Person-in-the-Middle attacks in certain non-localhost use cases. This is fixed in 10.9.0-b1.

nvd логотип

CVE-2020-15720

CVSS3: 6.8
nvd
больше 5 лет назад

In Dogtag PKI through 10.8.3, the pki.client.PKIConnection class did not enable python-requests certificate validation. Since the verify parameter was hard-coded in all request functions, it was not possible to override the setting. As a result, tools making use of this class, such as the pki-server command, may have been vulnerable to Person-in-the-Middle attacks in certain non-localhost use cases. This is fixed in 10.9.0-b1.

debian логотип

CVE-2020-15720

CVSS3: 6.8
debian
больше 5 лет назад

In Dogtag PKI through 10.8.3, the pki.client.PKIConnection class did n ...

github логотип

GHSA-hpcm-hcj8-c96c

github
больше 3 лет назад

In Dogtag PKI through 10.8.3, the pki.client.PKIConnection class did not enable python-requests certificate validation. Since the verify parameter was hard-coded in all request functions, it was not possible to override the setting. As a result, tools making use of this class, such as the pki-server command, may have been vulnerable to Person-in-the-Middle attacks in certain non-localhost use cases. This is fixed in 10.9.0-b1.

oracle-oval логотип

ELSA-2020-4847

oracle-oval
около 5 лет назад

ELSA-2020-4847: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update (MODERATE)

EPSS

Процентиль: 41%
0.00186
Низкий

4 Medium

CVSS2

6.8 Medium

CVSS3