Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
alpinelinuxAlpine Linux Development TeamALPINE:CVE-2020-14387
HistoryMay 27, 2021 - 8:15 p.m.

CVE-2020-14387

2021-05-2720:15:07
Alpine Linux Development Team
security.alpinelinux.org
29
rsync vulnerability
certificate validation
man-in-the-middle
data confidentiality
data integrity
cve-2020-14387
version 3.2.0pre1
version 3.2.4

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

CVSS3

7.4

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

AI Score

7.2

Confidence

High

EPSS

0.002

Percentile

53.4%

JSON

A flaw was found in rsync in versions since 3.2.0pre1. Rsync improperly validates certificate with host mismatch vulnerability. A remote, unauthenticated attacker could exploit the flaw by performing a man-in-the-middle attack using a valid certificate for another hostname which could compromise confidentiality and integrity of data transmitted using rsync-ssl. The highest threat from this vulnerability is to data confidentiality and integrity. This flaw affects rsync versions before 3.2.4.

Related

cbl_mariner 1
prion 1
nvd 1
nessus 2
cvelist 1
redhatcve 1
veracode 1
archlinux 1
f5 1
osv 2
debiancve 1
ubuntucve 1
cve 1
photon 2
gentoo 1
cbl_mariner
cbl_mariner
CVE-2020-14387 affecting package rsync for versions less than 3.2.3-2
2022-04-26 19:57:36
prion
prion
Design/Logic Flaw
2021-05-27 20:15:00
nvd
nvd
CVE-2020-14387
2021-05-27 20:15:07
nessus
nessus
Photon OS 4.0: Rsync PHSA-2021-4.0-0046
2021-06-21 00:00:00
GLSA-202405-22 : rsync: Multiple Vulnerabilities
2024-05-08 00:00:00
cvelist
cvelist
CVE-2020-14387
2021-05-27 19:44:53
redhatcve
redhatcve
CVE-2020-14387
2020-09-03 18:48:39
veracode
veracode
Improper Validation Of Certificate
2020-12-19 19:36:48
archlinux
archlinux
[ASA-202101-1] rsync: man-in-the-middle
2021-01-04 00:00:00
f5
f5
K84155336 : rsync vulnerability CVE-2020-14387
2022-04-30 00:00:00
osv
osv
CVE-2020-14387
2021-05-27 20:15:07
rsync-3.2.3-2.6 on GA media
2024-06-15 00:00:00
debiancve
debiancve
CVE-2020-14387
2021-05-27 20:15:07
ubuntucve
ubuntucve
CVE-2020-14387
2021-05-27 00:00:00
cve
cve
CVE-2020-14387
2021-05-27 20:15:07
photon
photon
Important Photon OS Security Update - PHSA-2021-0046
2021-06-15 00:00:00
Important Photon OS Security Update - PHSA-2021-4.0-0046
2021-06-15 00:00:00
gentoo
gentoo
rsync: Multiple Vulnerabilities
2024-05-08 00:00:00

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

CVSS3

7.4

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

AI Score

7.2

Confidence

High

EPSS

0.002

Percentile

53.4%

JSON
Related for ALPINE:CVE-2020-14387
cbl_mariner1prion1nvd1nessus2cvelist1redhatcve1veracode1archlinux1f51osv2debiancve1ubuntucve1cve1photon2gentoo1