CVE-2020-14196

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2020-14196
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-14196.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2020-14196
Related
Published
2020-07-01T18:15:10Z
Modified
2025-01-08T06:58:45.066268Z
Downstream
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS Calculator
Summary
[none]
Details

In PowerDNS Recursor versions up to and including 4.3.1, 4.2.2 and 4.1.16, the ACL restricting access to the internal web server is not properly enforced.

References

Affected packages

Debian:11 / pdns-recursor

Package

Name
pdns-recursor
Purl
pkg:deb/debian/pdns-recursor?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.3.2-1

Ecosystem specific 

{
    "urgency": "low"
}

Debian:12 / pdns-recursor

Package

Name
pdns-recursor
Purl
pkg:deb/debian/pdns-recursor?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.3.2-1

Ecosystem specific 

{
    "urgency": "low"
}

Debian:13 / pdns-recursor

Package

Name
pdns-recursor
Purl
pkg:deb/debian/pdns-recursor?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.3.2-1

Ecosystem specific 

{
    "urgency": "low"
}

Git / github.com/powerdns/pdns

Affected ranges

Type
GIT
Repo
https://github.com/powerdns/pdns
Events
Introduced
2e63a37703ddea61f037c312341d364224130e16
Last affected
130c3986cee3d79e08672333a0706fc795381513
Introduced
f8e019026f5a1eff4b56a90a39c4acac95ae9dc4
Last affected
474236432a3b497e2729178673a48a2b60ee4876
Last affected
aeba5fdaad53465e43c7047ff49629d617b83420

Affected versions

rec-4.*

rec-4.2.0
rec-4.2.1
rec-4.2.2
rec-4.3.0
rec-4.3.1