vulnerability
SUSE: CVE-2020-8284: SUSE Linux Security Advisory
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:N/AC:M/Au:N/C:P/I:N/A:N) | Dec 9, 2020 | Dec 12, 2020 | Oct 22, 2021 |
Severity
4
CVSS
(AV:N/AC:M/Au:N/C:P/I:N/A:N)
Published
Dec 9, 2020
Added
Dec 12, 2020
Modified
Oct 22, 2021
Description
A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service banner extractions.
Solutions
suse-upgrade-curlsuse-upgrade-curl-minisuse-upgrade-curl-openssl1suse-upgrade-libcurl-develsuse-upgrade-libcurl-devel-32bitsuse-upgrade-libcurl-mini-develsuse-upgrade-libcurl4suse-upgrade-libcurl4-32bitsuse-upgrade-libcurl4-minisuse-upgrade-libcurl4-openssl1suse-upgrade-libcurl4-openssl1-32bitsuse-upgrade-libcurl4-openssl1-x86
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.