PT-2021-10271 · Gate One · Gateone
Zh3-H4Ck · Published 2021-10-06 · Updated 2022-09-14 · CVE-2020-19003
CVSS v4.0: 6.9 (Medium)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions:
Gate One version 1.2.0
Description:
The issue allows attackers to bypass the verification check done by the origins list and connect to Gate One instances used by hosts not on the origins list.
Recommendations:
For Gate One version 1.2.0, consider restricting access to the origins list to prevent unauthorized connections until a patch is available. As a temporary workaround, review and manually verify the hosts connected to Gate One instances to ensure they are authorized. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Authentication Bypass by Spoofing
Weakness Enumeration
Related Identifiers
Affected Products
Gateone