CVE-2020-1887

EPSS 1.3%CWE-297

Incorrect validation of the TLS SNI hostname in osquery versions after 2.9.0 and before 4.2.0 could allow an attacker to MITM osquery traffic in the absence of a configured root chain of trust.

Produtos afetados

Facebook · Osquery

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://github.com/osquery/osquery/pull/6197 https://www.facebook.com/security/advisories/cve-2020-1887