CVE-2020-1887

EPSS 1.3%CWE-297

Incorrect validation of the TLS SNI hostname in osquery versions after 2.9.0 and before 4.2.0 could allow an attacker to MITM osquery traffic in the absence of a configured root chain of trust.

Productos afectados

Facebook · Osquery

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://github.com/osquery/osquery/pull/6197 https://www.facebook.com/security/advisories/cve-2020-1887