Lucene search

K

MitreVULNRICHMENT:CVE-2023-31484

HistoryApr 28, 2023 - 12:00 a.m.

CVE-2023-31484

2023-04-2800:00:00

mitre

github.com

4

cpan.pm

tls certificates

https

download

AI Score

6.8

Confidence

Low

EPSS

0.005

Percentile

75.5%

SSVC

Exploitation

none

Automatable

no

Technical Impact

total

CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:cpanpm_project:cpanpm:*:*:*:*:*:*:*:*"
    ],
    "vendor": "cpanpm_project",
    "product": "cpanpm",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "2.35",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  }
]

References

www.openwall.com/lists/oss-security/2023/04/29/1

www.openwall.com/lists/oss-security/2023/05/03/3

www.openwall.com/lists/oss-security/2023/05/03/5

www.openwall.com/lists/oss-security/2023/05/07/2

blog.hackeriet.no/perl-http-tiny-insecure-tls-default-affects-cpan-modules/

github.com/andk/cpanpm/pull/175

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BM6UW55CNFUTNGD5ZRKGUKKKFDJGMFHL/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LEGCEOKFJVBJ2QQ6S2H4NAEWTUERC7SB/

metacpan.org/dist/CPAN/changes

security.netapp.com/advisory/ntap-20240621-0007/

www.openwall.com/lists/oss-security/2023/04/18/14

AI Score

6.8

Confidence

Low

EPSS

0.005

Percentile

75.5%

SSVC

Exploitation

none

Automatable

no

Technical Impact

total

Related for VULNRICHMENT:CVE-2023-31484

ubuntu2 prion1 openvas25 rocky1 nessus34 debiancve1 cve1 osv6 oraclelinux2 amazon2 cloudfoundry2 veracode1 nvd1 almalinux2 fedora2 cbl_mariner1 redos1 cvelist1 redhat2 ubuntucve1 redhatcve1 ibm8 f51 aix1 hp1 oracle1