CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS.
References
Link | Resource |
---|---|
http://www.openwall.com/lists/oss-security/2023/04/29/1 | Mailing List Patch |
http://www.openwall.com/lists/oss-security/2023/05/03/3 | Mailing List Patch |
http://www.openwall.com/lists/oss-security/2023/05/03/5 | Mailing List |
http://www.openwall.com/lists/oss-security/2023/05/07/2 | Mailing List |
https://blog.hackeriet.no/perl-http-tiny-insecure-tls-default-affects-cpan-modules/ | Mitigation Patch Third Party Advisory |
https://github.com/andk/cpanpm/pull/175 | Exploit Issue Tracking |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BM6UW55CNFUTNGD5ZRKGUKKKFDJGMFHL/ | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LEGCEOKFJVBJ2QQ6S2H4NAEWTUERC7SB/ | |
https://metacpan.org/dist/CPAN/changes | Release Notes |
https://www.openwall.com/lists/oss-security/2023/04/18/14 | Mailing List Patch |
Configurations
History
07 Nov 2023, 04:14
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
02 Aug 2023, 15:28
Type | Values Removed | Values Added |
---|---|---|
First Time |
Perl perl
Perl |
|
CPE | cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:* | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BM6UW55CNFUTNGD5ZRKGUKKKFDJGMFHL/ - Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LEGCEOKFJVBJ2QQ6S2H4NAEWTUERC7SB/ - Third Party Advisory |
10 Jul 2023, 16:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
08 May 2023, 17:11
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-295 | |
CPE | cpe:2.3:a:cpanpm_project:cpanpm:*:*:*:*:*:*:*:* | |
First Time |
Cpanpm Project cpanpm
Cpanpm Project |
|
References | (MLIST) http://www.openwall.com/lists/oss-security/2023/05/03/3 - Mailing List, Patch | |
References | (MLIST) http://www.openwall.com/lists/oss-security/2023/05/03/5 - Mailing List | |
References | (MISC) https://metacpan.org/dist/CPAN/changes - Release Notes | |
References | (MLIST) http://www.openwall.com/lists/oss-security/2023/05/07/2 - Mailing List | |
References | (MISC) https://blog.hackeriet.no/perl-http-tiny-insecure-tls-default-affects-cpan-modules/ - Mitigation, Patch, Third Party Advisory | |
References | (MLIST) http://www.openwall.com/lists/oss-security/2023/04/29/1 - Mailing List, Patch | |
References | (MISC) https://github.com/andk/cpanpm/pull/175 - Exploit, Issue Tracking | |
References | (MISC) https://www.openwall.com/lists/oss-security/2023/04/18/14 - Mailing List, Patch | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.1 |
08 May 2023, 00:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
04 May 2023, 00:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
03 May 2023, 21:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
01 May 2023, 10:39
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-04-29 00:15
Updated : 2023-12-10 15:01
NVD link : CVE-2023-31484
Mitre link : CVE-2023-31484
CVE.ORG link : CVE-2023-31484
JSON object : View
Products Affected
cpanpm_project
- cpanpm
perl
- perl
CWE
CWE-295
Improper Certificate Validation