Уязвимость CVE-2020-8172: Информация

Описание

TLS session reuse can lead to host certificate verification bypass in node version < 12.18.0 and < 14.4.0.

Важность: HIGH (7,4) Вектор: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

URL: https://nvd.nist.gov/vuln/detail/CVE-2020-8172
Опубликовано: 8 июня 2020 г.
Изменено: 12 мая 2022 г.
Идентификатор типа ошибки: CWE-295

Исправленные пакеты

Имя пакета
Ветка
Исправлено в версии
Версия в репозитории
Errata ID
№ Задания
Состояние
nodesisyphus14.4.0-alt120.13.1-alt1ALT-PU-2020-2223-1253835Исправлено
nodep1014.4.0-alt116.19.1-alt1ALT-PU-2020-2223-1253835Исправлено
nodep914.11.0-alt214.17.2-alt1ALT-PU-2020-2926-1258101Исправлено
nodec10f114.4.0-alt116.19.1-alt1ALT-PU-2020-2223-1253835Исправлено
nodec9f216.17.1-alt0.c9.116.19.1-alt0.c9.1ALT-PU-2022-3073-1303505Исправлено

Ссылки на рекомендации, решения и инструменты

Ссылка
Ресурс
https://hackerone.com/reports/811502
  • Exploit
  • Third Party Advisory
https://nodejs.org/en/blog/vulnerability/june-2020-security-releases/
  • Vendor Advisory
https://security.netapp.com/advisory/ntap-20200625-0002/
  • Third Party Advisory
https://www.oracle.com/security-alerts/cpujul2020.html
  • Patch
  • Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2020.html
  • Patch
  • Third Party Advisory
GLSA-202101-07
  • Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2021.html
  • Patch
  • Third Party Advisory
N/A
  • Not Applicable
  • Third Party Advisory
https://www.oracle.com/security-alerts/cpuapr2022.html
  • Patch
  • Third Party Advisory

    1. Конфигурация 1

      cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*
      Start including
      12.0.0
      End excliding
      12.18.0
      cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*
      Start including
      14.0.0
      End excliding
      14.4.0

      Конфигурация 2

      cpe:2.3:a:oracle:graalvm:19.3.2:*:*:*:enterprise:*:*:*
      cpe:2.3:a:oracle:graalvm:20.1.0:*:*:*:enterprise:*:*:*
      cpe:2.3:a:oracle:banking_extensibility_workbench:14.4.0:*:*:*:*:*:*:*
      cpe:2.3:a:oracle:banking_extensibility_workbench:14.3.0:*:*:*:*:*:*:*
      cpe:2.3:a:oracle:mysql_cluster:*:*:*:*:*:*:*:*
      Start including
      8.0.0
      End including
      8.0.21
      cpe:2.3:a:oracle:mysql_cluster:*:*:*:*:*:*:*:*
      Start including
      7.6.0
      End including
      7.6.15
      cpe:2.3:a:oracle:mysql_cluster:*:*:*:*:*:*:*:*
      Start including
      7.5.0
      End including
      7.5.19
      cpe:2.3:a:oracle:mysql_cluster:*:*:*:*:*:*:*:*
      Start including
      7.4.0
      End including
      7.4.29
      cpe:2.3:a:oracle:mysql_cluster:*:*:*:*:*:*:*:*
      End including
      7.3.30
      cpe:2.3:a:oracle:blockchain_platform:*:*:*:*:*:*:*:*
      End excliding
      21.1.2
VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
Версия: v24.5.1
Наверх