CVE-2020-1887

Published March 13th, 2020

View on NVD ↗

CVSS v3

9.1

CRITICAL

CVSS v2

5.8

MEDIUM

Affected

PROJECT

Description

Incorrect validation of the TLS SNI hostname in osquery versions after 2.9.0 and before 4.2.0 could allow an attacker to MITM osquery traffic in the absence of a configured root chain of trust.

osquery/osquery

SQL powered operating system instrumentation, monitoring, and analytics.

GitHub

23.3K