A TLS Hostname verification bypass vulnerability exists in NodeJS. This flaw allows an attacker to bypass TLS Hostname verification when a TLS client reuses HTTPS sessions.

References

bugzilla.redhat.com/show_bug.cgi?id=1845247

nvd.nist.gov/vuln/detail/CVE-2020-8172

www.cve.org/CVERecord?id=CVE-2020-8172

hackerone 1

cve 1

ibm 15

nvd 1

ubuntucve 1

osv 4

alpinelinux 1

openvas 3

debiancve 1

prion 1

veracode 1

cvelist 1

altlinux 2

nessus 9

almalinux 1

redhat 3

freebsd 1

rocky 1

nodejsblog 1

oraclelinux 1

ics 3

gentoo 1

photon 2

oracle 4

hackerone

Node.js: Node.js: TLS session reuse can lead to hostname verification bypass

2020-03-05 17:30:12

cve

CVE-2020-8172

2020-06-08 14:15:13

ibm

Security Bulletin: A security vulnerability in Node.js affects IBM Voice Gateway

2020-11-30 18:52:31

Security Bulletin: IBM DataPower Monitor is potentially vulnerable to an authentication bypass (CVE-2020-8172)

2021-06-08 21:52:38

Security Bulletin: IBM Cloud Pak for Integration is affected by multiple Node.js vulnerabilities

2020-08-04 09:50:19

nvd

CVE-2020-8172

2020-06-08 14:15:13

ubuntucve

CVE-2020-8172

2020-06-08 00:00:00

osv

CVE-2020-8172

2020-06-08 14:15:13

BIT-node-2020-8172

2024-03-06 11:08:30

Important: nodejs:12 security update

2020-07-07 08:52:35

alpinelinux

CVE-2020-8172

2020-06-08 14:15:13

openvas

Node.js 12.x < 12.18.0, 14.x < 14.4.0 Host Certificate Verification Bypass Vulnerability - Windows

2020-07-29 00:00:00

Node.js 12.x < 12.18.0, 14.x < 14.4.0 Host Certificate Verification Bypass Vulnerability - Mac OS X

2020-07-29 00:00:00

SUSE: Security Advisory (SUSE-SU-2020:1606-1)

2021-06-09 00:00:00

debiancve

CVE-2020-8172

2020-06-08 14:15:13

prion

Design/Logic Flaw

2020-06-08 14:15:00

veracode

Hostname Verification Bypass

2020-06-09 02:53:46

cvelist

CVE-2020-8172

2020-06-08 13:08:16

altlinux

Security fix for the ALT Linux 9 package node version 14.4.0-alt1

2020-06-19 00:00:00

Security fix for the ALT Linux 10 package node version 14.4.0-alt1

2020-06-19 00:00:00

nessus

Oracle Linux 8 : nodejs:12 (ELSA-2020-2852)

2020-08-13 00:00:00

SUSE SLES12 Security Update : nodejs12 (SUSE-SU-2020:1606-1)

2020-06-18 00:00:00

RHEL 8 : nodejs:12 (RHSA-2020:2847)

2020-07-07 00:00:00

almalinux

Important: nodejs:12 security update

2020-07-07 08:52:35

redhat

(RHSA-2020:2852) Important: nodejs:12 security update

2020-07-07 08:52:35

(RHSA-2020:2847) Important: nodejs:12 security update

2020-07-07 08:51:11

(RHSA-2020:2895) Important: rh-nodejs12-nodejs security update

2020-07-13 10:17:39

freebsd

Node.js -- June 2020 Security Releases

2020-06-02 00:00:00

rocky

nodejs:12 security update

2020-07-07 08:52:35

nodejsblog

June 2020 Security Releases

2020-06-02 00:00:00

oraclelinux

nodejs:12 security update

2020-07-14 00:00:00

ics

Hitachi Energy Gateway Station (GWS) Product

2022-08-30 12:00:00

Hitachi Energy FACTS Control Platform (FCP) Product

2022-08-30 12:00:00

Hitachi Energy MicroSCADA Pro/X SYS600

2022-04-21 12:00:00

gentoo

NodeJS: Multiple vulnerabilities

2021-01-11 00:00:00

photon

Important Photon OS Security Update - PHSA-2020-0119

2020-07-29 00:00:00

Important Photon OS Security Update - PHSA-2020-3.0-0119

2020-07-29 00:00:00

oracle

Oracle Critical Patch Update Advisory - January 2021

2021-01-19 00:00:00

Oracle Critical Patch Update Advisory - July 2020

2020-07-14 00:00:00

Oracle Critical Patch Update Advisory - October 2020

2020-10-20 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

0.003 Low

EPSS

Percentile

66.0%

JSON

Related for RH:CVE-2020-8172