CVE-2020-14387

Source
https://cve.org/CVERecord?id=CVE-2020-14387
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-14387.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2020-14387
Downstream
Related
Published
2021-05-27T20:15:07.873Z
Modified
2026-07-08T05:58:30.508022168Z
Severity
  • 7.4 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N CVSS Calculator
Summary
[none]
Details

A flaw was found in rsync in versions since 3.2.0pre1. Rsync improperly validates certificate with host mismatch vulnerability. A remote, unauthenticated attacker could exploit the flaw by performing a man-in-the-middle attack using a valid certificate for another hostname which could compromise confidentiality and integrity of data transmitted using rsync-ssl. The highest threat from this vulnerability is to data confidentiality and integrity. This flaw affects rsync versions before 3.2.4.

Database specific
{
    "unresolved_ranges": [
        {
            "cpes": [
                "cpe:2.3:a:samba:rsync:3.2.0:-:*:*:*:*:*:*"
            ],
            "extracted_events": [
                {
                    "introduced": "3.2.0-NA"
                },
                {
                    "last_affected": "3.2.0-NA"
                },
                {
                    "introduced": "3.2.0-NA"
                },
                {
                    "last_affected": "3.2.0-NA"
                }
            ],
            "source": "CPE_STRING",
            "vendor_product": "samba:rsync"
        }
    ]
}
References

Affected packages

Git / git.samba.org/rsync.git/

Affected ranges

Type
GIT
Repo
https://git.samba.org/rsync.git/
Events
Introduced
a8fc8fc2d22ba7243b96decb91c586682a05e4a1
Fixed
0ac7ebceef70417355f25daf9e2fd94e84c49749
Introduced
c225330aaf9d6032a79317bda1bf669e90ac7212
Last affected
0b2d5fe4940211ba25a89f18a9889b9ab55d38ef
Database specific
{
    "extracted_events": [
        {
            "introduced": "3.2.1"
        },
        {
            "fixed": "3.2.4"
        },
        {
            "introduced": "3.2.0-NA"
        },
        {
            "last_affected": "3.2.0-NA"
        },
        {
            "introduced": "3.2.0-pre1"
        },
        {
            "last_affected": "3.2.0-pre1"
        },
        {
            "introduced": "3.2.0-pre2"
        },
        {
            "last_affected": "3.2.0-pre2"
        },
        {
            "introduced": "3.2.0-pre3"
        },
        {
            "last_affected": "3.2.0-pre3"
        }
    ],
    "cpe": [
        "cpe:2.3:a:samba:rsync:*:*:*:*:*:*:*:*",
        "cpe:2.3:a:samba:rsync:3.2.0:-:*:*:*:*:*:*",
        "cpe:2.3:a:samba:rsync:3.2.0:pre1:*:*:*:*:*:*",
        "cpe:2.3:a:samba:rsync:3.2.0:pre2:*:*:*:*:*:*",
        "cpe:2.3:a:samba:rsync:3.2.0:pre3:*:*:*:*:*:*"
    ],
    "source": [
        "CPE_RANGE",
        "CPE_STRING"
    ]
}

Affected versions

3.*
3.2.0-NA
3.2.0-pre1
3.2.0-pre2
3.2.0-pre3
v3.*
v3.2.1
v3.2.2
v3.2.2pre1
v3.2.2pre2
v3.2.2pre3
v3.2.3
v3.2.3pre1
v3.2.4pre1
v3.2.4pre2
v3.2.4pre3
v3.2.4pre4

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-14387.json"