CVE-2020-19003 – gateone

Package

Manager: pip
Name: gateone
Vulnerable Version: >=0 <=1.2.0

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00168 pctl0.38372

Details

Verification check bypass in Gate One An issue in Gate One 1.2.0 allows attackers to bypass to the verification check done by the origins list and connect to Gate One instances used by hosts not on the origins list.

Metadata

Created: 2021-10-12T22:34:28Z
Modified: 2024-09-20T21:02:36Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/10/GHSA-q6j2-g8qf-wvf7/GHSA-q6j2-g8qf-wvf7.json
CWE IDs: ["CWE-290"]
Alternative ID: GHSA-q6j2-g8qf-wvf7
Finding: F032
Auto approve: 1