redhatcve | Redhat.com | RH:CVE-2024-2466
History: Mar 27, 2024 - 9:27 a.m.

CVE-2024-2466

2024-03-27 09:27:25
redhat.com
access.redhat.com
Tags: curl, mbedtls, tls, ip address, server certificate

CVSS3: 6.5

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

AI Score: 7
Confidence: Low

EPSS: 0
Percentile: 13.5%

A flaw was found in curl. When curl is built to use mbedTLS as the TLS backend, it does not check the server certificate of TLS connections made to a host specified as an IP address.
