Lucene search

K
ubuntucveUbuntu.comUB:CVE-2020-8284
HistoryDec 09, 2020 - 12:00 a.m.

CVE-2020-8284

2020-12-0900:00:00
ubuntu.com
ubuntu.com
13

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS3

3.7

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS

0.001

Percentile

45.3%

A malicious server can use the FTP PASV response to trick curl 7.73.0 and
earlier into connecting back to a given IP address and port, and this way
potentially make curl extract information about services that are otherwise
private and not disclosed, for example doing port scanning and service
banner extractions.

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchcurl< 7.58.0-2ubuntu3.12UNKNOWN
ubuntu20.04noarchcurl< 7.68.0-1ubuntu2.4UNKNOWN
ubuntu20.10noarchcurl< 7.68.0-1ubuntu4.2UNKNOWN
ubuntu14.04noarchcurl< 7.35.0-1ubuntu2.20+esm6UNKNOWN
ubuntu16.04noarchcurl< 7.47.0-1ubuntu2.18UNKNOWN

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS3

3.7

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS

0.001

Percentile

45.3%