CVE-2020-24714: Scalyr Agent Missing SSL Certificate Validation
(updated )
The Scalyr Agent before 2.1.10 has Missing SSL Certificate Validation because, in some circumstances, the openssl binary is called without the -verify_hostname option.
References
- github.com/advisories/GHSA-w6xv-mf6f-r5f6
- github.com/pypa/advisory-database/tree/main/vulns/scalyr-agent-2/PYSEC-2020-251.yaml
- github.com/scalyr/scalyr-agent-2
- github.com/scalyr/scalyr-agent-2/blob/96d5f5bec734c7a0e7c64654cdb7aacc81fdc867/CHANGELOG.md
- github.com/scalyr/scalyr-agent-2/commit/96d5f5bec734c7a0e7c64654cdb7aacc81fdc867
- nvd.nist.gov/vuln/detail/CVE-2020-24714
- scalyr-static.s3.amazonaws.com/technical-details/index.html
Detect and mitigate CVE-2020-24714 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →