CVE-2020-12272
CVE-2020-12272
Vexday Risk Score
3Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS —EPSS 2.1%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado
Ciclo de vida
27 abr 2020Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
OpenDMARC through 1.3.2 and 1.4.x allows attacks that inject authentication results to provide false information about the domain that originated an e-mail message. This is caused by incorrect parsing and interpretation of SPF/DKIM authentication results, as demonstrated by the example.net(.example.com substring.
Productos afectados
n/a · n/a¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →Referencias
https://lists.debian.org/debian-lts-announce/2023/08/msg00035.htmlhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2D4JGHMALEJEWWG56DKR5OZB22TK7W5B/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KBOGOQOK3TIWWJV66MW5YWNRJAFFYGR5/https://sourceforge.net/p/opendmarc/tickets/237/https://www.usenix.org/system/files/sec20fall_chen-jianjun_prepub_0.pdf