Input validation

2020-03-1300:15:00

PRIOn knowledge base

www.prio-n.com

9 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

44.0%

JSON

Incorrect validation of the TLS SNI hostname in osquery versions after 2.9.0 and before 4.2.0 could allow an attacker to MITM osquery traffic in the absence of a configured root chain of trust.

CPENameOperatorVersion
osquerygt2.9.0
osquerylt4.2.0

CPE	Name	Operator	Version
	osquery	gt	2.9.0
	osquery	lt	4.2.0

References

github.com/osquery/osquery/pull/6197

www.facebook.com/security/advisories/cve-2020-1887