CVE-2020-14929
published 2020-06-19

Priority: P3 / 38 / high
CVSS 3.1: 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
EPSS: 1.82% (76.1th percentile)

Alpine before 2.23 silently proceeds to use an insecure connection after a /tls is sent in certain circumstances involving PREAUTH, which is a less secure behavior than the alternative of closing the connection and letting the user decide what they would like to do.

Affected

12 ranges

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| alpine_project | alpine | < 2.23 | 2.23 |
| alpine_project | alpine | >= 0 < 2.23+dfsg1-1 | 2.23+dfsg1-1 |
| alpine_project | alpine | >= 0 < 2.23+dfsg1-1 | 2.23+dfsg1-1 |
| alpine_project | alpine | >= 0 < 2.23+dfsg1-1 | 2.23+dfsg1-1 |
| alpine_project | alpine | >= 0 < 2.23+dfsg1-1 | 2.23+dfsg1-1 |
| alpine_project | alpine | >= 0 < 2.20+dfsg1-2ubuntu0.1~esm1 | 2.20+dfsg1-2ubuntu0.1~esm1 |
| alpine_project | alpine | >= 0 < 2.21+dfsg1-1ubuntu0.1~esm1 | 2.21+dfsg1-1ubuntu0.1~esm1 |
| alpine_project | alpine | >= 0 < 2.22+dfsg1-1ubuntu0.1~esm1 | 2.22+dfsg1-1ubuntu0.1~esm1 |
| debian | alpine | < alpine 2.23+dfsg1-1 (bookworm) | alpine 2.23+dfsg1-1 (bookworm) |
| debian | debian_linux | | |
| fedoraproject | fedora | | |
| fedoraproject | fedora | | |

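CVSS provenance

| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
| osv | | 7.5 | HIGH | |
| vendor_debian | | 7.5 | HIGH | |
| vendor_ubuntu | | 7.5 | HIGH | |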