CVE-2020-8284

Description:
A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service banner extractions.

CWE: CWE-200

CVSS Score
CVSS 2: MEDIUM – 4.3 (Version: 2.0)
CVSS 3: LOW – 3.7 (Version: 3.1)

Links:

NVD – CVE-2020-8284
CVE – CVE-2020-8284

Link (max. 20) Source Tags
https://hackerone.com/reports/1040166 MISC Permissions Required Third Party Advisory Third Party Advisory
https://curl.se/docs/CVE-2020-8284.html MISC Vendor Advisory Patch Third Party Advisory
FEDORA-2020-ceaf490686 FEDORA Third Party Advisory Third Party Advisory
[debian-lts-announce] 20201219 [SECURITY] [DLA 2500-1] curl security update MLIST Mailing List Third Party Advisory Vendor Advisory
FEDORA-2020-7ab62c73bc FEDORA Third Party Advisory Third Party Advisory
GLSA-202012-14 GENTOO Mailing List Third Party Advisory
https://security.netapp.com/advisory/ntap-20210122-0007/ CONFIRM Mailing List Third Party Advisory Third Party Advisory
DSA-4881 DEBIAN Mailing List Third Party Advisory
https://support.apple.com/kb/HT212325 CONFIRM Mailing List Third Party Advisory Vendor Advisory
https://support.apple.com/kb/HT212326 CONFIRM Mailing List Third Party Advisory
https://support.apple.com/kb/HT212327 CONFIRM Mailing List Third Party Advisory
[kafka-jira] 20210423 [jira] [Updated] (KAFKA-12698) CVE-2019-25013 high priority vulnerability reported in Kafka MLIST Mailing List Third Party Advisory
[kafka-jira] 20210423 [jira] [Comment Edited] (KAFKA-12698) CVE-2019-25013 high priority vulnerability reported in Kafka MLIST Mailing List Third Party Advisory
[zookeeper-issues] 20210506 [jira] [Resolved] (ZOOKEEPER-4285) High CVE-2019-25013 reported by Clair scanner for Zookeeper 3.6.1 MLIST Mailing List Vendor Advisory
[activemq-issues] 20210509 [jira] [Deleted] (AMQ-8244) CVE-2021-26117 on AMQ 5.16.1 MLIST Mailing List Vendor Advisory
[activemq-issues] 20210509 [jira] [Deleted] (AMQ-8245) CVE-2021-26117 on AMQ 5.16.1 MLIST Exploit Third Party Advisory VDB Entry

Source: NVD – CVE-2020-8284
Published: 2020-12-14T20:15Z, Last modified: 2021-05-07T02:15Z