Synopsys hub-rest-api-python (aka blackduck on PyPI) version 0.0.25 - 0.0.52 does not validate SSL certificates in certain cases.
References
Link | Resource |
---|---|
https://community.synopsys.com/s/question/0D52H00005JCZAXSA5/announcement-black-duck-defect-identified | Vendor Advisory |
https://github.com/blackducksoftware/hub-rest-api-python | Third Party Advisory |
https://github.com/blackducksoftware/hub-rest-api-python/pull/113/commits/273b27d0de1004389dd8cf43c40b1197c787e7cd | Patch Third Party Advisory |
https://pypi.org/project/blackduck/ | Third Party Advisory |
https://www.optiv.com/explore-optiv-insights/source-zero/certificate-validation-disabled-black-duck-api-wrapper | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2020-11-06T13:15:13
Updated: 2020-11-10T15:37:05
Reserved: 2020-10-21T00:00:00
Link: CVE-2020-27589
JSON object: View
NVD Information
Status : Analyzed
Published: 2020-11-06T14:15:16.457
Modified: 2020-11-20T15:55:28.247
Link: CVE-2020-27589
JSON object: View
Redhat Information
No data.
CWE