CVE-2020-8172
Description
TLS session reuse can lead to host certificate verification bypass in node version < 12.18.0 and < 14.4.0.
Risk Information
Base Score
7.4
MODERATE
Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS Score
Exploitation Probability
1.178
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2020-8172,CVE-2020-11080,CVE-2020-8174,CVE-2020-10531 are fixed in Node.js 12 (x64) (12.18.0) | Windows |
| Vulnerabilities CVE-2020-8172,CVE-2020-11080,CVE-2020-8174,CVE-2020-10531 are fixed in Node.js 12 (12.18.0) | Windows |
| Vulnerabilities CVE-2020-8172,CVE-2020-11080,CVE-2020-8174,CVE-2020-10531 are fixed in Node.js 14 (14.21.3) | Windows |
| Vulnerabilities CVE-2020-8172,CVE-2020-11080,CVE-2020-8174,CVE-2020-10531 are fixed in Node.js 14 (x64) (14.21.3) | Windows |
| Vulnerabilities CVE-2020-8172,CVE-2020-11080,CVE-2020-8174,CVE-2020-10531 are fixed in Node.js 10 (x64) (10.21.0) | Windows |
| Vulnerabilities CVE-2020-8172,CVE-2020-11080,CVE-2020-8174,CVE-2020-10531 are fixed in Node.js 10 (10.21.0) | Windows |
| Vulnerabilities CVE-2020-8172,CVE-2020-11080,CVE-2020-8174,CVE-2020-10531 are fixed in Node.js 10 (x64) (10.24.1) | Windows |
| Vulnerabilities CVE-2020-8172,CVE-2020-8174 are affected in MySQL Cluster 7.3.30 | Windows |
| Vulnerabilities CVE-2020-8172,CVE-2020-8174 are affected in MySQL Cluster 7.4.29 | Windows |
| Vulnerabilities CVE-2020-8172,CVE-2020-8174 are affected in MySQL Cluster 7.5.19 | Windows |
| Vulnerabilities CVE-2020-8172,CVE-2020-8174 are affected in MySQL Cluster 7.6.15 | Windows |
| Vulnerabilities CVE-2020-14853,CVE-2020-8172,CVE-2020-8174 are affected in MySQL Cluster 8.0.21 | Windows |
| (RHSA-2020:2852) nodejs:12 security update nodejs-12.18.2-1.module+el8.2.0+7233+61d664c1.x86_64.rpm | Linux |
| (RHSA-2020:2852) nodejs:12 security update nodejs-debugsource-12.18.2-1.module+el8.2.0+7233+61d664c1.x86_64.rpm | Linux |
| (RHSA-2020:2852) nodejs:12 security update nodejs-devel-12.18.2-1.module+el8.2.0+7233+61d664c1.x86_64.rpm | Linux |
| (RHSA-2020:2852) nodejs:12 security update nodejs-docs-12.18.2-1.module+el8.2.0+7233+61d664c1.noarch.rpm | Linux |
| (RHSA-2020:2852) nodejs:12 security update nodejs-full-i18n-12.18.2-1.module+el8.2.0+7233+61d664c1.x86_64.rpm | Linux |
| (RHSA-2020:2852) nodejs:12 security update npm-6.14.5-1.12.18.2.1.module+el8.2.0+7233+61d664c1.x86_64.rpm | Linux |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-324371 | Node.js 12 (x64) (12.22.12) |
| PATCH-324370 | Node.js 12 (12.22.12) |
| PATCH-329082 | Node.js 14 (14.21.3) |
| PATCH-329083 | Node.js 14 (x64) (14.21.3) |
| PATCH-319043 | Node.js 10 (x64) (10.24.1) |
| PATCH-319042 | Node.js 10 (10.24.1) |
| PATCH-319043 | Node.js 10 (x64) (10.24.1) |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234