Vulnerability Details CVE-2020-24619
In mainwindow.cpp in Shotcut before 20.09.13, the upgrade check misuses TLS because of setPeerVerifyMode(QSslSocket::VerifyNone). A man-in-the-middle attacker could offer a spoofed download resource.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 41.8%
CVSS Severity
CVSS v3 Score 5.9
CVSS v2 Score 4.3
Products affected by CVE-2020-24619
- cpe:2.3:a:meltytech:shotcut:14.05
- cpe:2.3:a:meltytech:shotcut:14.06
- cpe:2.3:a:meltytech:shotcut:14.07
- cpe:2.3:a:meltytech:shotcut:14.08
- cpe:2.3:a:meltytech:shotcut:14.09
- cpe:2.3:a:meltytech:shotcut:14.10
- cpe:2.3:a:meltytech:shotcut:14.11
- cpe:2.3:a:meltytech:shotcut:14.12
- cpe:2.3:a:meltytech:shotcut:15.01
- cpe:2.3:a:meltytech:shotcut:15.02
- cpe:2.3:a:meltytech:shotcut:15.03
- cpe:2.3:a:meltytech:shotcut:15.04
- cpe:2.3:a:meltytech:shotcut:15.05
- cpe:2.3:a:meltytech:shotcut:15.06
- cpe:2.3:a:meltytech:shotcut:15.07
- cpe:2.3:a:meltytech:shotcut:15.08
- cpe:2.3:a:meltytech:shotcut:15.09
- cpe:2.3:a:meltytech:shotcut:15.10
- cpe:2.3:a:meltytech:shotcut:15.11
- cpe:2.3:a:meltytech:shotcut:15.12
- cpe:2.3:a:meltytech:shotcut:16.01
- cpe:2.3:a:meltytech:shotcut:16.02
- cpe:2.3:a:meltytech:shotcut:16.03
- cpe:2.3:a:meltytech:shotcut:16.04
- cpe:2.3:a:meltytech:shotcut:16.05
- cpe:2.3:a:meltytech:shotcut:16.06
- cpe:2.3:a:meltytech:shotcut:16.07
- cpe:2.3:a:meltytech:shotcut:16.08
- cpe:2.3:a:meltytech:shotcut:16.09
- cpe:2.3:a:meltytech:shotcut:16.10
- cpe:2.3:a:meltytech:shotcut:16.11
- cpe:2.3:a:meltytech:shotcut:16.12
- cpe:2.3:a:meltytech:shotcut:17.01
- cpe:2.3:a:meltytech:shotcut:17.02
- cpe:2.3:a:meltytech:shotcut:17.03
- cpe:2.3:a:meltytech:shotcut:17.04
- cpe:2.3:a:meltytech:shotcut:17.05
- cpe:2.3:a:meltytech:shotcut:17.06
- cpe:2.3:a:meltytech:shotcut:17.08
- cpe:2.3:a:meltytech:shotcut:17.09
- cpe:2.3:a:meltytech:shotcut:17.10
- cpe:2.3:a:meltytech:shotcut:17.11
- cpe:2.3:a:meltytech:shotcut:17.12
- cpe:2.3:a:meltytech:shotcut:18.01
- cpe:2.3:a:meltytech:shotcut:18.03
- cpe:2.3:a:meltytech:shotcut:18.03.06
- cpe:2.3:a:meltytech:shotcut:18.05
- cpe:2.3:a:meltytech:shotcut:18.05.08
- cpe:2.3:a:meltytech:shotcut:18.06
- cpe:2.3:a:meltytech:shotcut:18.06.02
- cpe:2.3:a:meltytech:shotcut:18.07
- cpe:2.3:a:meltytech:shotcut:18.08
- cpe:2.3:a:meltytech:shotcut:18.08.11
- cpe:2.3:a:meltytech:shotcut:18.08.14
- cpe:2.3:a:meltytech:shotcut:18.09.13
- cpe:2.3:a:meltytech:shotcut:18.09.15
- cpe:2.3:a:meltytech:shotcut:18.09.16
- cpe:2.3:a:meltytech:shotcut:18.10.01
- cpe:2.3:a:meltytech:shotcut:18.10.08
- cpe:2.3:a:meltytech:shotcut:18.11.04
- cpe:2.3:a:meltytech:shotcut:18.11.13
- cpe:2.3:a:meltytech:shotcut:18.11.18
- cpe:2.3:a:meltytech:shotcut:18.12.15
- cpe:2.3:a:meltytech:shotcut:18.12.23
- cpe:2.3:a:meltytech:shotcut:19.01.19
- cpe:2.3:a:meltytech:shotcut:19.01.24
- cpe:2.3:a:meltytech:shotcut:19.01.27
- cpe:2.3:a:meltytech:shotcut:19.02.20
- cpe:2.3:a:meltytech:shotcut:19.02.28
- cpe:2.3:a:meltytech:shotcut:19.04.21
- cpe:2.3:a:meltytech:shotcut:19.04.30
- cpe:2.3:a:meltytech:shotcut:19.06.04
- cpe:2.3:a:meltytech:shotcut:19.06.15
- cpe:2.3:a:meltytech:shotcut:19.07.07
- cpe:2.3:a:meltytech:shotcut:19.07.15
- cpe:2.3:a:meltytech:shotcut:19.08.05
- cpe:2.3:a:meltytech:shotcut:19.08.16
- cpe:2.3:a:meltytech:shotcut:19.09.02
- cpe:2.3:a:meltytech:shotcut:19.09.14
- cpe:2.3:a:meltytech:shotcut:19.10.10
- cpe:2.3:a:meltytech:shotcut:19.10.20
- cpe:2.3:a:meltytech:shotcut:19.12.08
- cpe:2.3:a:meltytech:shotcut:19.12.16
- cpe:2.3:a:meltytech:shotcut:19.12.23
- cpe:2.3:a:meltytech:shotcut:19.12.31
- cpe:2.3:a:meltytech:shotcut:20.02.02
- cpe:2.3:a:meltytech:shotcut:20.02.17
- cpe:2.3:a:meltytech:shotcut:20.04.01
- cpe:2.3:a:meltytech:shotcut:20.04.05
- cpe:2.3:a:meltytech:shotcut:20.04.12
- cpe:2.3:a:meltytech:shotcut:20.06.05
- cpe:2.3:a:meltytech:shotcut:20.06.14
- cpe:2.3:a:meltytech:shotcut:20.06.28
- cpe:2.3:a:meltytech:shotcut:20.07.11
- cpe:2.3:a:meltytech:shotcut:20.09.01