Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1xNmoyLWc4cWYtd3ZmN80WQw
Verification check bypass in Gate One
An issue in Gate One 1.2.0 allows attackers to bypass to the verification check done by the origins list and connect to Gate One instances used by hosts not on the origins list.
Permalink: https://github.com/advisories/GHSA-q6j2-g8qf-wvf7JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1xNmoyLWc4cWYtd3ZmN80WQw
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: over 2 years ago
Updated: over 1 year ago
CVSS Score: 5.3
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Identifiers: GHSA-q6j2-g8qf-wvf7, CVE-2020-19003
References:
- https://nvd.nist.gov/vuln/detail/CVE-2020-19003
- https://github.com/liftoff/GateOne/issues/728
- https://github.com/advisories/GHSA-q6j2-g8qf-wvf7
Blast Radius: 3.7
Affected Packages
pypi:gateone
Dependent packages: 0Dependent repositories: 5
Downloads: 39 last month
Affected Version Ranges: <= 1.2.0
No known fixed version
All affected versions: 1.2.0