CVE-2020-14387

Source
https://cve.org/CVERecord?id=CVE-2020-14387
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-14387.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2020-14387
Published
2021-05-27T20:15:07.873Z
Modified
2026-04-10T04:22:35.416481Z
Severity
  • 7.4 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Summary
[none]
Details

A flaw was found in rsync in versions since 3.2.0pre1. Rsync improperly validates certificates in the case of a host mismatch. A remote, unauthenticated attacker could exploit the flaw by performing a man-in-the-middle attack using a valid certificate for another hostname, which could compromise the confidentiality and integrity of data transmitted using rsync-ssl. The highest threat from this vulnerability is to data confidentiality and integrity. This flaw affects rsync versions before 3.2.4.

Affected packages

Git / git.samba.org/rsync.git

Affected ranges

Type
GIT
Repo
https://git.samba.org/rsync.git
Events
Introduced
a8fc8fc2d22ba7243b96decb91c586682a05e4a1
Fixed
0ac7ebceef70417355f25daf9e2fd94e84c49749
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
c225330aaf9d6032a79317bda1bf669e90ac7212
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
c528f8d5c8aa7b16b20cda72a9f4119699890c28
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
6f0c56304fdb3131a5c2a3af90761f0cfdc07f62
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
0b2d5fe4940211ba25a89f18a9889b9ab55d38ef
Database specific
{
    "versions": [
        {
            "introduced": "3.2.1"
        },
        {
            "fixed": "3.2.4"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.2.0-NA"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.2.0-pre1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.2.0-pre2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.2.0-pre3"
        }
    ]
}

Affected versions

Other
mbp_bk_export0
v1.*
v1.6.4
v1.6.5
v1.6.6
v1.6.7
v1.6.8
v1.6.9
v1.7.0
v1.7.1
v1.7.2
v1.7.3
v1.7.4
v2.*
v2.0.0
v2.0.1
v2.0.10
v2.0.11
v2.0.12
v2.0.13
v2.0.14
v2.0.15
v2.0.16
v2.0.17
v2.0.18
v2.0.19
v2.0.2
v2.0.3
v2.0.4
v2.0.5
v2.0.6
v2.0.7
v2.0.8
v2.0.9
v2.1.0
v2.1.1
v2.2.0
v2.2.1
v2.3.0
v2.3.1
v2.3.2
v2.4.0
v2.4.1
v2.4.2
v2.4.3
v2.4.4
v2.4.5
v2.4.6
v2.4.7pre2
v2.4.7pre4
v2.5.0
v2.5.1
v2.5.1pre1
v2.5.1pre2
v2.5.1pre3
v2.5.2
v2.5.2pre1
v2.5.2pre2
v2.5.2pre3
v2.5.3
v2.5.3pre1
v2.5.4
v2.5.4pre1
v2.5.5
v2.5.5.rc1
v2.5.6
v2.6.0
v2.6.0pre1
v2.6.0pre2
v2.6.1
v2.6.1pre1
v2.6.1pre2
v2.6.2
v2.6.2pre1
v2.6.3
v2.6.3pre1
v2.6.3pre2
v2.6.4
v2.6.4pre1
v2.6.4pre2
v2.6.4pre3
v2.6.4pre4
v2.6.5
v2.6.5pre1
v2.6.5pre2
v2.6.6pre1
v2.6.7
v2.6.7pre1
v2.6.7pre2
v2.6.7pre3
v2.6.8
v2.6.8pre1
v2.6.9
v2.6.9pre1
v2.6.9pre2
v2.6.9pre3
v3.*
v3.0.0
v3.0.0pre1
v3.0.0pre10
v3.0.0pre2
v3.0.0pre3
v3.0.0pre4
v3.0.0pre5
v3.0.0pre6
v3.0.0pre7
v3.0.0pre8
v3.0.0pre9
v3.0.1
v3.0.1pre1
v3.0.1pre2
v3.0.1pre3
v3.0.2
v3.0.3
v3.0.3pre1
v3.0.3pre2
v3.0.3pre3
v3.1.0
v3.1.0pre1
v3.1.1
v3.1.1pre1
v3.1.1pre2
v3.1.2
v3.1.2pre1
v3.1.3
v3.1.3pre1
v3.2.0
v3.2.0pre1
v3.2.0pre2
v3.2.0pre3
v3.2.1
v3.2.2
v3.2.2pre1
v3.2.2pre2
v3.2.2pre3
v3.2.3
v3.2.3pre1
v3.2.4pre1
v3.2.4pre2
v3.2.4pre3
v3.2.4pre4

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-14387.json"