Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
alpinelinuxAlpine Linux Development TeamALPINE:CVE-2020-14387
HistoryMay 27, 2021 - 8:15 p.m.

CVE-2020-14387

2021-05-2720:15:00
Alpine Linux Development Team
security.alpinelinux.org
19

7.4 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

0.002 Low

EPSS

Percentile

52.5%

JSON

A flaw was found in rsync in versions since 3.2.0pre1. Rsync improperly validates certificate with host mismatch vulnerability. A remote, unauthenticated attacker could exploit the flaw by performing a man-in-the-middle attack using a valid certificate for another hostname which could compromise confidentiality and integrity of data transmitted using rsync-ssl. The highest threat from this vulnerability is to data confidentiality and integrity. This flaw affects rsync versions before 3.2.4.

Related

prion 1
cbl_mariner 1
veracode 1
f5 1
archlinux 1
osv 1
debiancve 1
ubuntucve 1
cve 1
redhatcve 1
nessus 2
photon 2
gentoo 1
prion
prion
Design/Logic Flaw
2021-05-27 20:15:00
cbl_mariner
cbl_mariner
CVE-2020-14387 affecting package rsync for versions less than 3.2.3-2
2022-04-26 19:57:36
veracode
veracode
Improper Validation Of Certificate
2020-12-19 19:36:48
f5
f5
K84155336 : rsync vulnerability CVE-2020-14387
2022-04-30 00:00:00
archlinux
archlinux
[ASA-202101-1] rsync: man-in-the-middle
2021-01-04 00:00:00
osv
osv
CVE-2020-14387
2021-05-27 20:15:07
debiancve
debiancve
CVE-2020-14387
2021-05-27 20:15:00
ubuntucve
ubuntucve
CVE-2020-14387
2021-05-27 00:00:00
cve
cve
CVE-2020-14387
2021-05-27 20:15:00
redhatcve
redhatcve
CVE-2020-14387
2020-09-03 18:48:39
nessus
nessus
Photon OS 4.0: Rsync PHSA-2021-4.0-0046
2021-06-21 00:00:00
GLSA-202405-22 : rsync: Multiple Vulnerabilities
2024-05-08 00:00:00
photon
photon
Important Photon OS Security Update - PHSA-2021-0046
2021-06-15 00:00:00
Important Photon OS Security Update - PHSA-2021-4.0-0046
2021-06-15 00:00:00
gentoo
gentoo
rsync: Multiple Vulnerabilities
2024-05-08 00:00:00

7.4 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

0.002 Low

EPSS

Percentile

52.5%

JSON
Related for ALPINE:CVE-2020-14387
prion1cbl_mariner1veracode1f51archlinux1osv1debiancve1ubuntucve1cve1redhatcve1nessus2photon2gentoo1