Man-in-the-Middle (MitM)

2020-10-2817:44:58

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

5.4 Medium

CVSS3

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

4.8 Medium

CVSS2

Access Vector

ADJACENT_NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:A/AC:L/Au:N/C:N/I:P/A:P

JSON

puppet-agent is vulnerable to man-in-the-middle attack. The Puppet Agent does not properly verify the SSL connection when downloading a CRL.

CPENameOperatorVersion
python-oauth2eq1.5.211__5.el7sat
python-itsdangerouseq0.23__2.el7
python-itsdangerouseq0.23__1.el7
python-itsdangerouseq0.24__14.el7ost
python-itsdangerouseq0.23__1.el7sat
python-itsdangerouseq0.23__1.el7ui
tfm-rubygem-rest-clienteq2.0.0__1.el7sat
tfm-rubygem-rest-clienteq2.0.1__3.el7sat
tfm-rubygem-rest-clienteq2.0.1__2.el7sat
tfm-rubygem-rest-clienteq2.0.2__1.el7sat

Name	Operator	Version
python-oauth2	eq	1.5.211__5.el7sat
python-itsdangerous	eq	0.23__2.el7
python-itsdangerous	eq	0.23__1.el7
python-itsdangerous	eq	0.24__14.el7ost
python-itsdangerous	eq	0.23__1.el7sat
python-itsdangerous	eq	0.23__1.el7ui
tfm-rubygem-rest-client	eq	2.0.0__1.el7sat
tfm-rubygem-rest-client	eq	2.0.1__3.el7sat
tfm-rubygem-rest-client	eq	2.0.1__2.el7sat
tfm-rubygem-rest-client	eq	2.0.2__1.el7sat