2020-03-13
Incorrect validation of the TLS SNI hostname in osquery versions after 2.9.0 and before 4.2.0 could allow an attacker to MITM osquery traffic in the absence of a configured root chain of trust.
Products | Osquery
Type | Improper Certificate Validation (CWE-295)
First patch | None (likely due to unavailable code)
Links |
• https://www.facebook.com/security/advisories/cve-2020-1887
• https://github.com/osquery/osquery/pull/6197