CVE-2020-1887 (NVD)

2020-03-13

Incorrect validation of the TLS SNI hostname in osquery versions after 2.9.0 and before 4.2.0 could allow an attacker to MITM osquery traffic in the absence of a configured root chain of trust.

Products Osquery
Type Improper Certificate Validation (CWE-295)
First patch - None (likely due to unavailable code)
Links https://www.facebook.com/security/advisories/cve-2020-1887
https://github.com/osquery/osquery/pull/6197