CVE-2020-15078

OpenVPN 2.5.1 and earlier versions allows a remote attackers to bypass authentication and access control channel data on servers configured with deferred authentication, which can be used to potentially trigger further information leaks.

References

Affected packages

Git / github.com/openvpn/openvpn

Affected ranges

Type

GIT

Repo

https://github.com/openvpn/openvpn

Events

Introduced

Fixed

092734634796e9637920e029fea716afc146cd82

Introduced

a73072d8f780e888aca7d79b993b1e59c9d8f364

Fixed

23ae78e657052748be68b623ca8122e4103dc7e0

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "2.4.11"
        },
        {
            "introduced": "2.5.0"
        },
        {
            "fixed": "2.5.2"
        }
    ]
}

Affected versions

Other

contains

start_of_2.*

start_of_2.8

v2.*

v2.1.0

v2.1.1

v2.1.2

v2.1.3

v2.1.4

v2.1_rc1

v2.1_rc10

v2.1_rc11

v2.1_rc12

v2.1_rc13

v2.1_rc14

v2.1_rc15

v2.1_rc16

v2.1_rc17

v2.1_rc18

v2.1_rc19

v2.1_rc2

v2.1_rc20

v2.1_rc21

v2.1_rc22

v2.1_rc3

v2.1_rc4

v2.1_rc5

v2.1_rc6

v2.1_rc7

v2.1_rc8

v2.1_rc9

v2.2-RC

v2.2-RC2

v2.2-beta1

v2.2-beta2

v2.2-beta3

v2.2-beta4

v2.2-beta5

v2.2.0

v2.2.1

v2.2.2

v2.2.3

v2.3-alpha1

v2.3.0

v2.3.1

v2.3.10

v2.3.11

v2.3.12

v2.3.13

v2.3.14

v2.3.15

v2.3.16

v2.3.17

v2.3.18

v2.3.2

v2.3.3

v2.3.4

v2.3.5

v2.3.6

v2.3.7

v2.3.8

v2.3.9

v2.3_alpha2

v2.3_alpha3

v2.3_beta1

v2.3_rc1

v2.3_rc2

v2.4.0

v2.4.1

v2.4.10

v2.4.2

v2.4.3

v2.4.4

v2.4.5

v2.4.6

v2.4.7

v2.4.8

v2.4.9

v2.4_alpha1

v2.4_alpha2

v2.4_beta1

v2.4_beta2

v2.4_rc1

v2.4_rc2

v2.5.0

v2.5.1

v2.5_beta1

v2.5_beta2

v2.5_beta3

v2.5_beta4

v2.5_rc1

v2.5_rc2

v2.5_rc3

v2.6.0

v2.6.1

v2.6.10

v2.6.11

v2.6.12

v2.6.13

v2.6.14

v2.6.15

v2.6.16

v2.6.17

v2.6.18

v2.6.19

v2.6.2

v2.6.3

v2.6.4

v2.6.5

v2.6.6

v2.6.7

v2.6.8

v2.6.9

v2.6_beta1

v2.6_beta2

v2.6_branched

v2.6_rc1

v2.6_rc2

v2.7.0

v2.7.1

v2.7_alpha1

v2.7_alpha2

v2.7_alpha3

v2.7_beta1

v2.7_beta2

v2.7_beta3

v2.7_rc1

v2.7_rc2

v2.7_rc3

v2.7_rc4

v2.7_rc5

v2.7_rc6

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-15078.json"

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "32"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "33"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "34"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "18.04"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "20.04"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "20.10"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "21.04"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "9.0"
            }
        ]
    }
]