Vulnerability-Lookup - Search a vulnerability

All the vulnerabilites related to Red Hat - Red Hat Single Sign-On

cve-2020-14341

Vulnerability from cvelistv5

Published

2021-01-12 14:23

Modified

2024-08-04 12:39

Severity ?

Summary

The "Test Connection" available in v7.x of the Red Hat Single Sign On application console can permit an authorized user to cause SMTP connections to be attempted to arbitrary hosts and ports of the user's choosing, and originating from the RHSSO installation. By observing differences in the timings of these scans, an attacker may glean information about hosts and ports which they do not have access to scan directly.

References

▼	URL	Tags
	https://bugzilla.redhat.com/show_bug.cgi?id=1860138	x_refsource_CONFIRM

Impacted products

Vendor

Product

Version

▼

Red Hat

Red Hat Single Sign-On

Version: v7.x

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T12:39:36.428Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1860138"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Red Hat Single Sign-On",
          "vendor": "Red Hat",
          "versions": [
            {
              "status": "affected",
              "version": "v7.x"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The \"Test Connection\" available in v7.x of the Red Hat Single Sign On application console can permit an authorized user to cause SMTP connections to be attempted to arbitrary hosts and ports of the user\u0027s choosing, and originating from the RHSSO installation. By observing differences in the timings of these scans, an attacker may glean information about hosts and ports which they do not have access to scan directly."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-385",
              "description": "CWE-385",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-01-12T14:23:31",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1860138"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2020-14341",
    "datePublished": "2021-01-12T14:23:31",
    "dateReserved": "2020-06-17T00:00:00",
    "dateUpdated": "2024-08-04T12:39:36.428Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}