5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
0.009 Low
EPSS
Percentile
83.2%
Alpine before 2.23 silently proceeds to use an insecure connection after a
/tls is sent in certain circumstances involving PREAUTH, which is a less
secure behavior than the alternative of closing the connection and letting
the user decide what they would like to do.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | alpine | < any | UNKNOWN |
ubuntu | 20.04 | noarch | alpine | < any | UNKNOWN |
ubuntu | 20.10 | noarch | alpine | < 2.23+dfsg1-1 | UNKNOWN |
ubuntu | 21.04 | noarch | alpine | < 2.23+dfsg1-1 | UNKNOWN |
ubuntu | 21.10 | noarch | alpine | < 2.23+dfsg1-1 | UNKNOWN |
ubuntu | 22.04 | noarch | alpine | < 2.23+dfsg1-1 | UNKNOWN |
ubuntu | 22.10 | noarch | alpine | < 2.23+dfsg1-1 | UNKNOWN |
ubuntu | 23.04 | noarch | alpine | < 2.23+dfsg1-1 | UNKNOWN |
ubuntu | 23.10 | noarch | alpine | < 2.23+dfsg1-1 | UNKNOWN |
ubuntu | 24.04 | noarch | alpine | < 2.23+dfsg1-1 | UNKNOWN |
mailman13.u.washington.edu/pipermail/alpine-info/2020-June/008989.html
launchpad.net/bugs/cve/CVE-2020-14929
nvd.nist.gov/vuln/detail/CVE-2020-14929
repo.or.cz/alpine.git/commitdiff/000edd9036b6aea5e6a06900ecd6c58faec665ab
security-tracker.debian.org/tracker/CVE-2020-14929
www.cve.org/CVERecord?id=CVE-2020-14929
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
0.009 Low
EPSS
Percentile
83.2%