Vulnerability Details CVE-2020-14929
Alpine before 2.23 silently proceeds to use an insecure connection after a /tls is sent in certain circumstances involving PREAUTH, which is a less secure behavior than the alternative of closing the connection and letting the user decide what they would like to do.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 66.0%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- http://mailman13.u.washington.edu/pipermail/alpine-info/2020-June/008989.html
- https://lists.debian.org/debian-lts-announce/2020/06/msg00025.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YFXQGKZZMP3VSTLZVO5Z7Z6USYIW37A6/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZJLY6JDVGDNAJZ3UQDWYWSDBWOAOXMNX/
- http://mailman13.u.washington.edu/pipermail/alpine-info/2020-June/008989.html
- https://lists.debian.org/debian-lts-announce/2020/06/msg00025.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YFXQGKZZMP3VSTLZVO5Z7Z6USYIW37A6/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZJLY6JDVGDNAJZ3UQDWYWSDBWOAOXMNX/
Products affected by CVE-2020-14929
-
cpe:2.3:a:alpine_project:alpine:2.10.999999
-
cpe:2.3:a:alpine_project:alpine:2.11.6
-
cpe:2.3:a:alpine_project:alpine:2.11.8
-
cpe:2.3:a:alpine_project:alpine:2.19.1
-
cpe:2.3:a:alpine_project:alpine:2.19.11
-
cpe:2.3:a:alpine_project:alpine:2.19.12
-
cpe:2.3:a:alpine_project:alpine:2.19.2
-
cpe:2.3:a:alpine_project:alpine:2.19.3
-
cpe:2.3:a:alpine_project:alpine:2.19.5
-
cpe:2.3:a:alpine_project:alpine:2.19.6
-
cpe:2.3:a:alpine_project:alpine:2.19.8
-
cpe:2.3:a:alpine_project:alpine:2.19.9
-
cpe:2.3:a:alpine_project:alpine:2.19.99
-
cpe:2.3:a:alpine_project:alpine:2.19.991
-
cpe:2.3:a:alpine_project:alpine:2.19.999
-
cpe:2.3:a:alpine_project:alpine:2.19.9991
-
cpe:2.3:a:alpine_project:alpine:2.19.9992
-
cpe:2.3:a:alpine_project:alpine:2.19.9993
-
cpe:2.3:a:alpine_project:alpine:2.19.9999
-
cpe:2.3:a:alpine_project:alpine:2.20.1
-
cpe:2.3:a:alpine_project:alpine:2.20.10
-
cpe:2.3:a:alpine_project:alpine:2.20.11
-
cpe:2.3:a:alpine_project:alpine:2.20.12
-
cpe:2.3:a:alpine_project:alpine:2.20.13
-
cpe:2.3:a:alpine_project:alpine:2.20.14
-
cpe:2.3:a:alpine_project:alpine:2.20.15
-
cpe:2.3:a:alpine_project:alpine:2.20.16
-
cpe:2.3:a:alpine_project:alpine:2.20.17
-
cpe:2.3:a:alpine_project:alpine:2.20.2
-
cpe:2.3:a:alpine_project:alpine:2.20.3
-
cpe:2.3:a:alpine_project:alpine:2.20.4
-
cpe:2.3:a:alpine_project:alpine:2.20.5
-
cpe:2.3:a:alpine_project:alpine:2.20.6
-
cpe:2.3:a:alpine_project:alpine:2.20.7
-
cpe:2.3:a:alpine_project:alpine:2.20.8
-
cpe:2.3:a:alpine_project:alpine:2.20.9
-
cpe:2.3:a:alpine_project:alpine:2.20.99
-
cpe:2.3:a:alpine_project:alpine:2.20.999
-
cpe:2.3:a:alpine_project:alpine:2.21
-
cpe:2.3:a:alpine_project:alpine:2.21.1
-
cpe:2.3:a:alpine_project:alpine:2.21.9
-
cpe:2.3:a:alpine_project:alpine:2.21.99
-
cpe:2.3:a:alpine_project:alpine:2.21.999
-
cpe:2.3:a:alpine_project:alpine:2.21.9999
-
cpe:2.3:a:alpine_project:alpine:2.21.99999
-
cpe:2.3:a:alpine_project:alpine:2.22
-
cpe:2.3:a:alpine_project:alpine:2.22.1
-
cpe:2.3:o:debian:debian_linux:8.0
-
cpe:2.3:o:fedoraproject:fedora:31
-
cpe:2.3:o:fedoraproject:fedora:32