ALT-PU-2020-2862-1
Package NetworkManager updated to version 1.26.3-alt1.g2d8c6343e for branch sisyphus in task 258369.
Closed vulnerabilities
Published: 2020-05-17
BDU:2023-02641
Уязвимость интерфейса командной строки nmcli программы для управления сетевыми соединениями Network Manager, позволяющая нарушителю получить доступ к конфиденциальным данным
Severity: MEDIUM (4.3)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Severity: MEDIUM (4.0)
Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N
References:
Published: 2020-06-08
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2020-10754
It was found that nmcli, a command line interface to NetworkManager did not honour 802-1x.ca-path and 802-1x.phase2-ca-path settings, when creating a new profile. When a user connects to a network using this profile, the authentication does not happen and the connection is made insecurely.
Severity: MEDIUM (4.0)
Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N
Severity: MEDIUM (4.3)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
References:
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10754
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/44FTVXWKDYIAMOOP2PZMUY3D2QNWAVBZ/
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10754
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/44FTVXWKDYIAMOOP2PZMUY3D2QNWAVBZ/
Closed bugs
NetworkManager: new version