CVE-2020-14196

See a problem?

Source

https://nvd.nist.gov/vuln/detail/CVE-2020-14196

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-14196.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2020-14196

Related

Published

2020-07-01T18:15:10Z

Modified

2024-09-03T04:42:16.457869Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS Calculator

Summary

[none]

Details

In PowerDNS Recursor versions up to and including 4.3.1, 4.2.2 and 4.1.16, the ACL restricting access to the internal web server is not properly enforced.

References

Affected packages

Debian:11 / pdns-recursor

Package

Name: pdns-recursor
Purl: pkg:deb/debian/pdns-recursor?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.3.2-1

Ecosystem specific

{
    "urgency": "low"
}

Debian:12 / pdns-recursor

Package

Name: pdns-recursor
Purl: pkg:deb/debian/pdns-recursor?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.3.2-1

Ecosystem specific

{
    "urgency": "low"
}

Debian:13 / pdns-recursor

Package

Name: pdns-recursor
Purl: pkg:deb/debian/pdns-recursor?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.3.2-1

Ecosystem specific

{
    "urgency": "low"
}

Git / github.com/powerdns/pdns

Affected ranges

Type: GIT
Repo: https://github.com/powerdns/pdns
Events: Introduced

2e63a37703ddea61f037c312341d364224130e16

Last affected

130c3986cee3d79e08672333a0706fc795381513

Introduced

f8e019026f5a1eff4b56a90a39c4acac95ae9dc4

Last affected

474236432a3b497e2729178673a48a2b60ee4876

Last affected

aeba5fdaad53465e43c7047ff49629d617b83420

Affected versions

rec-4.*

rec-4.2.0

rec-4.2.1

rec-4.2.2

rec-4.3.0

rec-4.3.1