CVE-2020-14196 — Incorrect Authorization in Recursor

CWE-863 — Incorrect Authorization8 documents6 sources

Severity

5.3MEDIUMNVD

EPSS

0.0%

top 93.34%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Powerdns Recursor

Timeline

PublishedJul 1

Latest updateMay 24

Description

In PowerDNS Recursor versions up to and including 4.3.1, 4.2.2 and 4.1.16, the ACL restricting access to the internal web server is not properly enforced.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages1 packages

▶NVDpowerdns/recursor4.2.0 — 4.2.2+2

🔴Vulnerability Details

GHSA

GHSA-fqf5-f2p3-h3j2: In PowerDNS Recursor versions up to and including 4↗2022-05-24

▶

CVEList

CVE-2020-14196: In PowerDNS Recursor versions up to and including 4↗2020-07-01

▶

OSV

CVE-2020-14196: In PowerDNS Recursor versions up to and including 4↗2020-07-01

▶

📋Vendor Advisories

Debian

CVE-2020-14196: pdns-recursor - In PowerDNS Recursor versions up to and including 4.3.1, 4.2.2 and 4.1.16, the A...↗2020

▶

💬Community

Bugzilla

CVE-2020-14196 pdns: ACL restricting access to the internal web server is not properly enforced [fedora-all]↗2020-07-01

▶

Bugzilla

CVE-2020-14196 pdns: ACL restricting access to the internal web server is not properly enforced [epel-all]↗2020-07-01

▶

Bugzilla

CVE-2020-14196 pdns: ACL restricting access to the internal web server is not properly enforced↗2020-07-01

▶