CVE-2020-1887

Summary

Incorrect validation of the TLS SNI hostname in osquery versions after 2.9.0 and before 4.2.0 could allow an attacker to MITM osquery traffic in the absence of a configured root chain of trust.

Affected Software

VendorProductVersion RangeStatus
FacebookOsquery4.2.0affected
FacebookOsquerynext of 2.9.0 < unspecifiedaffected
FacebookOsquery2.9.0affected

Weaknesses

  • CWE-297: Improper Validation of Certificate with Host Mismatch (CWE-297)

ADP Enrichment

CVE Program Container

Additional References

References