vulnerability
SUSE: CVE-2021-32066: SUSE Linux Security Advisory
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 6 | (AV:N/AC:M/Au:N/C:P/I:P/A:N) | Jul 21, 2021 | Dec 2, 2021 | Oct 26, 2022 |
Severity
6
CVSS
(AV:N/AC:M/Au:N/C:P/I:P/A:N)
Published
Jul 21, 2021
Added
Dec 2, 2021
Modified
Oct 26, 2022
Description
An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. Net::IMAP does not raise an exception when StartTLS fails with an an unknown response, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between the client and the registry to block the StartTLS command, aka a "StartTLS stripping attack."
Solutions
suse-upgrade-libruby2_1-2_1suse-upgrade-libruby2_5-2_5suse-upgrade-ruby2-1suse-upgrade-ruby2-1-develsuse-upgrade-ruby2-1-stdlibsuse-upgrade-ruby2-5suse-upgrade-ruby2-5-develsuse-upgrade-ruby2-5-devel-extrasuse-upgrade-ruby2-5-docsuse-upgrade-ruby2-5-doc-risuse-upgrade-ruby2-5-stdlib
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.