CVE-2020-19003

Published: Oct 6, 2021Modified: Nov 21, 2024

5.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

An issue in Gate One 1.2.0 allows attackers to bypass to the verification check done by the origins list and connect to Gate One instances used by hosts not on the origins list.

Affected (1)

Products: Liftoffsoftware: Gate One

Liftoffsoftware

1 product

Gate One

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Liftoffsoftware Gate One	Version 1.2.0

Related CWEs

CWE-290

Authentication Bypass by Spoofing

This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks.

References (4)

https://cwe.mitre.org/data/definitions/290.html

Source: cve@mitre.org

Technical Description

https://github.com/liftoff/GateOne/issues/728

Source: cve@mitre.org

ExploitIssue TrackingThird Party Advisory

https://cwe.mitre.org/data/definitions/290.html

Source: af854a3a-2127-422b-91ae-364da2661108

Technical Description

https://github.com/liftoff/GateOne/issues/728

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue TrackingThird Party Advisory

Timeline

No history available yet.