CVE-2020-9488: Improper Certificate Validation

April 27, 2020 (updated December 12, 2021)

Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender.

References

issues.apache.org/jira/browse/LOG4J2-2819
nvd.nist.gov/vuln/detail/CVE-2020-9488

Detect and mitigate CVE-2020-9488 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →