CVE-2020-27589 - OpenCVE

Synopsys hub-rest-api-python (aka blackduck on PyPI) version 0.0.25 - 0.0.52 does not validate SSL certificates in certain cases.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:L/Au:N/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Synopsys	Hub-rest-api-python

Configuration 1 [-]

cpe:2.3:a:synopsys:hub-rest-api-python:*:*:*:*:*:*:*:*

References

Link	Resource
https://community.synopsys.com/s/question/0D52H00005JCZAXSA5/announcement-black-duck-defect-identified	Vendor Advisory
https://github.com/blackducksoftware/hub-rest-api-python	Third Party Advisory
https://github.com/blackducksoftware/hub-rest-api-python/pull/113/commits/273b27d0de1004389dd8cf43c40b1197c787e7cd	Patch Third Party Advisory
https://pypi.org/project/blackduck/	Third Party Advisory
https://www.optiv.com/explore-optiv-insights/source-zero/certificate-validation-disabled-black-duck-api-wrapper	Exploit Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2020-11-06T13:15:13

Updated: 2020-11-10T15:37:05

Reserved: 2020-10-21T00:00:00

Link: CVE-2020-27589

JSON object: View

NVD Information

Status : Analyzed

Published: 2020-11-06T14:15:16.457

Modified: 2020-11-20T15:55:28.247

Link: CVE-2020-27589

JSON object: View

Redhat Information

No data.

CWE

CWE-295

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Synopsys hub-rest-api-python (aka blackduck on PyPI) version 0.0.25 - 0.0.52 does not validate SSL certificates in certain cases."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-11-10T15:37:05", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://pypi.org/project/blackduck/"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/blackducksoftware/hub-rest-api-python"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/blackducksoftware/hub-rest-api-python/pull/113/commits/273b27d0de1004389dd8cf43c40b1197c787e7cd"}, {"tags": ["x_refsource_MISC"], "url": "https://www.optiv.com/explore-optiv-insights/source-zero/certificate-validation-disabled-black-duck-api-wrapper"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://community.synopsys.com/s/question/0D52H00005JCZAXSA5/announcement-black-duck-defect-identified"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-27589", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Synopsys hub-rest-api-python (aka blackduck on PyPI) version 0.0.25 - 0.0.52 does not validate SSL certificates in certain cases."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://pypi.org/project/blackduck/", "refsource": "MISC", "url": "https://pypi.org/project/blackduck/"}, {"name": "https://github.com/blackducksoftware/hub-rest-api-python", "refsource": "MISC", "url": "https://github.com/blackducksoftware/hub-rest-api-python"}, {"name": "https://github.com/blackducksoftware/hub-rest-api-python/pull/113/commits/273b27d0de1004389dd8cf43c40b1197c787e7cd", "refsource": "MISC", "url": "https://github.com/blackducksoftware/hub-rest-api-python/pull/113/commits/273b27d0de1004389dd8cf43c40b1197c787e7cd"}, {"name": "https://www.optiv.com/explore-optiv-insights/source-zero/certificate-validation-disabled-black-duck-api-wrapper", "refsource": "MISC", "url": "https://www.optiv.com/explore-optiv-insights/source-zero/certificate-validation-disabled-black-duck-api-wrapper"}, {"name": "https://community.synopsys.com/s/question/0D52H00005JCZAXSA5/announcement-black-duck-defect-identified", "refsource": "CONFIRM", "url": "https://community.synopsys.com/s/question/0D52H00005JCZAXSA5/announcement-black-duck-defect-identified"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-27589", "datePublished": "2020-11-06T13:15:13", "dateReserved": "2020-10-21T00:00:00", "dateUpdated": "2020-11-10T15:37:05", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:synopsys:hub-rest-api-python:*:*:*:*:*:*:*:*", "matchCriteriaId": "5F7501DD-56C8-46B6-921B-8DF6E0ED2CC2", "versionEndIncluding": "0.0.52", "versionStartIncluding": "0.0.25", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Synopsys hub-rest-api-python (aka blackduck on PyPI) version 0.0.25 - 0.0.52 does not validate SSL certificates in certain cases."}, {"lang": "es", "value": "Synopsys hub-rest-api-python (tambi\u00e9n se conoce como blackduck en PyPI) versiones 0.0.25 - 0.0.52, no comprueba certificados SSL en determinados casos"}], "id": "CVE-2020-27589", "lastModified": "2020-11-20T15:55:28.247", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-11-06T14:15:16.457", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://community.synopsys.com/s/question/0D52H00005JCZAXSA5/announcement-black-duck-defect-identified"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://github.com/blackducksoftware/hub-rest-api-python"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/blackducksoftware/hub-rest-api-python/pull/113/commits/273b27d0de1004389dd8cf43c40b1197c787e7cd"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://pypi.org/project/blackduck/"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://www.optiv.com/explore-optiv-insights/source-zero/certificate-validation-disabled-black-duck-api-wrapper"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-295"}], "source": "nvd@nist.gov", "type": "Primary"}]}