Lucene search
MitreCVELIST:CVE-2020-15720HistoryJul 14, 2020 - 1:46 p.m.
CVE-2020-15720
2020-07-1413:46:58
mitre
www.cve.org
In Dogtag PKI through 10.8.3, the pki.client.PKIConnection class did not enable python-requests certificate validation. Since the verify parameter was hard-coded in all request functions, it was not possible to override the setting. As a result, tools making use of this class, such as the pki-server command, may have been vulnerable to Person-in-the-Middle attacks in certain non-localhost use cases. This is fixed in 10.9.0-b1.
Related
veracode
veracode
Man-in-the-Middle (MitM)
2020-07-15 07:25:12
prion
prion
Design/Logic Flaw
2020-07-14 14:15:00
cve
cve
CVE-2020-15720
2020-07-14 14:15:17
osv
osv
CVE-2020-15720
2020-07-14 14:15:17
debiancve
debiancve
CVE-2020-15720
2020-07-14 14:15:17
redhatcve
redhatcve
CVE-2020-15720
2020-07-15 15:37:57
nvd
nvd
CVE-2020-15720
2020-07-14 14:15:17
nessus
nessus
RHEL 6 : pki (Unpatched Vulnerability)
2024-05-11 00:00:00
RHEL 7 : pki-core (Unpatched Vulnerability)
2024-06-03 00:00:00
Oracle Linux 8 : pki-core:10.6 / and / pki-deps:10.6 (ELSA-2020-4847)
2023-09-07 00:00:00
ubuntucve
ubuntucve
CVE-2020-15720
2020-07-14 00:00:00
oraclelinux
oraclelinux
pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update
2020-11-10 00:00:00
almalinux
almalinux
rocky
rocky
pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update
2020-11-03 12:29:58
redhat
redhat