4.3

CVE-2020-8284

EPSS 0.1%
Published 14.12.2020 20:15:13
Last modified 21.11.2024 05:38:39
Source support@hackerone.com
Teams watchlist Login
Open Login

A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service banner extractions.

Affected products Warnungen 0 Metrics 3 CWE 1 References 19

Data is provided by the National Vulnerability Database (NVD)

Haxx ≫ Curl Version <= 7.73.0

Fedoraproject ≫ Fedora Version32

Fedoraproject ≫ Fedora Version33

Debian ≫ Debian Linux Version9.0

Debian ≫ Debian Linux Version10.0

Netapp ≫ Clustered Data Ontap Version-

Netapp ≫ Hci Management Node Version-

Netapp ≫ Solidfire Version-

Netapp ≫ Hci Storage Node Version-

Netapp ≫ Hci Bootstrap Os Version-

Netapp ≫ Hci Compute Node Version-

Apple ≫ macOS X Version >= 10.14.0 < 10.14.6

Apple ≫ macOS X Version >= 10.15 < 10.15.7

Apple ≫ macOS X Version10.14.6 Updatesecurity_update_2019-001

Apple ≫ macOS X Version10.14.6 Updatesecurity_update_2019-002

Apple ≫ macOS X Version10.14.6 Updatesecurity_update_2019-004

Apple ≫ macOS X Version10.14.6 Updatesecurity_update_2019-005

Apple ≫ macOS X Version10.14.6 Updatesecurity_update_2019-006

Apple ≫ macOS X Version10.14.6 Updatesecurity_update_2019-007

Apple ≫ macOS X Version10.14.6 Updatesecurity_update_2020-001

Apple ≫ macOS X Version10.14.6 Updatesecurity_update_2020-002

Apple ≫ macOS X Version10.14.6 Updatesecurity_update_2020-003

Apple ≫ macOS X Version10.14.6 Updatesecurity_update_2020-004

Apple ≫ macOS X Version10.14.6 Updatesecurity_update_2020-005

Apple ≫ macOS X Version10.14.6 Updatesecurity_update_2020-006

Apple ≫ macOS X Version10.14.6 Updatesecurity_update_2020-007

Apple ≫ macOS X Version10.14.6 Updatesecurity_update_2021-001

Apple ≫ macOS X Version10.14.6 Updatesecurity_update_2021-002

Apple ≫ macOS X Version10.14.6 Updatesupplemental_update

Apple ≫ macOS X Version10.14.6 Updatesupplemental_update_2

Apple ≫ macOS X Version10.15.7 Update-

Apple ≫ macOS X Version10.15.7 Updatesecurity_update_2020

Apple ≫ macOS X Version10.15.7 Updatesecurity_update_2020-001

Apple ≫ macOS X Version10.15.7 Updatesecurity_update_2020-005

Apple ≫ macOS X Version10.15.7 Updatesecurity_update_2020-007

Apple ≫ macOS X Version10.15.7 Updatesecurity_update_2021-001

Apple ≫ macOS X Version10.15.7 Updatesupplemental_update

Apple ≫ macOS Version11.0.1

Apple ≫ macOS Version11.1

Apple ≫ macOS Version11.2

Oracle ≫ Communications Billing And Revenue Management Version12.0.0.3.0

Oracle ≫ Communications Cloud Native Core Policy Version1.14.0

Oracle ≫ Essbase Version21.2

Oracle ≫ Peoplesoft Enterprise Peopletools Version8.58

Fujitsu ≫ M10-1 Firmware Version < xcp2410

Fujitsu ≫ M10-1 Version-

Fujitsu ≫ M10-4 Firmware Version < xcp2410

Fujitsu ≫ M10-4 Version-

Fujitsu ≫ M10-4s Firmware Version < xcp2410

Fujitsu ≫ M10-4s Version-

Fujitsu ≫ M12-1 Firmware Version < xcp2410

Fujitsu ≫ M12-1 Version-

Fujitsu ≫ M12-2 Firmware Version < xcp2410

Fujitsu ≫ M12-2 Version-

Fujitsu ≫ M12-2s Firmware Version < xcp2410

Fujitsu ≫ M12-2s Version-

Fujitsu ≫ M10-1 Firmware Version < xcp3110

Fujitsu ≫ M10-1 Version-

Fujitsu ≫ M10-4 Firmware Version < xcp3110

Fujitsu ≫ M10-4 Version-

Fujitsu ≫ M10-4s Firmware Version < xcp3110

Fujitsu ≫ M10-4s Version-

Fujitsu ≫ M12-1 Firmware Version < xcp3110

Fujitsu ≫ M12-1 Version-

Fujitsu ≫ M12-2 Firmware Version < xcp3110

Fujitsu ≫ M12-2 Version-

Fujitsu ≫ M12-2s Firmware Version < xcp3110

Fujitsu ≫ M12-2s Version-

Siemens ≫ Sinec Infrastructure Network Services Version < 1.0.1.1

Splunk ≫ Universal Forwarder Version >= 8.2.0 < 8.2.12

Splunk ≫ Universal Forwarder Version >= 9.0.0 < 9.0.6

Splunk ≫ Universal Forwarder Version9.1.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.1%	0.274

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	3.7	2.2	1.4	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:P/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

https://www.oracle.com/security-alerts/cpuapr2022.html

Patch

Third Party Advisory

https://www.oracle.com/security-alerts/cpujan2022.html

Patch

Third Party Advisory

https://www.oracle.com//security-alerts/cpujul2021.html

Patch

Third Party Advisory

https://www.oracle.com/security-alerts/cpuApr2021.html

Patch

Third Party Advisory

https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf

Patch

Third Party Advisory

https://support.apple.com/kb/HT212326

Third Party Advisory

https://support.apple.com/kb/HT212327

Third Party Advisory

https://support.apple.com/kb/HT212325

Third Party Advisory

https://www.debian.org/security/2021/dsa-4881

Third Party Advisory

https://security.gentoo.org/glsa/202012-14

Third Party Advisory

https://curl.se/docs/CVE-2020-8284.html

Vendor Advisory

https://hackerone.com/reports/1040166

Permissions Required

https://lists.debian.org/debian-lts-announce/2020/12/msg00029.html

Third Party Advisory

Mailing List

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DAEHE2S2QLO4AO4MEEYL75NB7SAH5PSL/

Third Party Advisory

Mailing List

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NZUVSQHN2ESHMJXNQ2Z7T2EELBB5HJXG/

Third Party Advisory

Mailing List

https://security.netapp.com/advisory/ntap-20210122-0007/

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-8284

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-8284

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-8284

EUVD