CVE-2020-15586medium
New! CVE Severity Now Using CVSS v3
The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.
Description
Go before 1.13.13 and 1.14.x before 1.14.5 has a data race in some net/http servers, as demonstrated by the httputil.ReverseProxy Handler, because it reads a request body and writes a response at the same time.
References
https://www.cloudfoundry.org/blog/cve-2020-15586/
https://groups.google.com/forum/#!topic/golang-announce/f2c5bqrGH_g
https://groups.google.com/forum/#!topic/golang-announce/XZNfaiwgt2w
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00077.html
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00082.html
https://security.netapp.com/advisory/ntap-20200731-0005/
http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00029.html
http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00030.html
https://lists.debian.org/debian-lts-announce/2020/11/msg00037.html
https://lists.debian.org/debian-lts-announce/2020/11/msg00038.html
Details
Source: MITRE
Published: 2020-07-17
Updated: 2021-06-14
Type: CWE-362
Risk Information
CVSS v2
Base Score: 4.3
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Impact Score: 2.9
Exploitability Score: 8.6
Severity: MEDIUM
CVSS v3
Base Score: 5.9
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Impact Score: 3.6
Exploitability Score: 2.2
Severity: MEDIUM
Vulnerable Software
Configuration 1
OR
Configuration 2
OR
Configuration 3
OR
Configuration 4
OR
Configuration 5
OR
Tenable Plugins
| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 149258 | RHEL 8 : OpenShift Container Platform 4.7.9 packages and (RHSA-2021:1366) | Nessus | Red Hat Local Security Checks | medium |
| 148490 | RHEL 7 / 8 : OpenShift Container Platform 4.5.37 (RHSA-2021:1016) | Nessus | Red Hat Local Security Checks | high |
| 148247 | RHEL 8 : OpenShift Container Platform 4.6.23 (RHSA-2021:0956) | Nessus | Red Hat Local Security Checks | high |
| 147722 | JFrog < 6.23.0 Multiple Vulnerabilities | Nessus | Misc. | critical |
| 147707 | RHEL 7 : OpenShift Container Platform 4.5.34 packages and (RHSA-2021:0713) | Nessus | Red Hat Local Security Checks | high |
| 146371 | Debian DSA-4848-1 : golang-1.11 - security update | Nessus | Debian Local Security Checks | medium |
| 145887 | CentOS 8 : go-toolset:rhel8 (CESA-2020:3665) | Nessus | CentOS Local Security Checks | high |
| 144522 | RHEL 8 : Red Hat OpenShift Service Mesh 1.1.11 (RHSA-2020:5649) | Nessus | Red Hat Local Security Checks | high |
| 144307 | JFrog < 7.10.1 Multiple Vulnerabilities | Nessus | Misc. | critical |
| 143240 | RHEL 7 : OpenShift Container Platform 4.5.20 packages and golang (RHSA-2020:5119) | Nessus | Red Hat Local Security Checks | high |
| 143170 | Debian DLA-2459-1 : golang-1.7 security update | Nessus | Debian Local Security Checks | high |
| 143169 | Debian DLA-2460-1 : golang-1.8 security update | Nessus | Debian Local Security Checks | high |
| 142062 | EulerOS 2.0 SP5 : golang (EulerOS-SA-2020-2247) | Nessus | Huawei Local Security Checks | high |
| 141307 | RHEL 7 : go-toolset-1.13-golang (RHSA-2020:4214) | Nessus | Red Hat Local Security Checks | high |
| 140845 | EulerOS 2.0 SP3 : golang (EulerOS-SA-2020-2078) | Nessus | Huawei Local Security Checks | high |
| 140570 | openSUSE Security Update : go1.14 (openSUSE-2020-1407) | Nessus | SuSE Local Security Checks | medium |
| 140569 | openSUSE Security Update : go1.14 (openSUSE-2020-1405) | Nessus | SuSE Local Security Checks | medium |
| 140524 | Oracle Linux 8 : go-toolset:ol8 (ELSA-2020-3665) | Nessus | Oracle Linux Local Security Checks | high |
| 140391 | RHEL 8 : go-toolset:rhel8 (RHSA-2020:3665) | Nessus | Red Hat Local Security Checks | high |
| 140387 | SUSE SLED15 / SLES15 Security Update : go1.14 (SUSE-SU-2020:2562-1) | Nessus | SuSE Local Security Checks | medium |
| 140092 | Amazon Linux AMI : golang (ALAS-2020-1417) | Nessus | Amazon Linux Local Security Checks | medium |
| 139857 | Amazon Linux 2 : golang (ALAS-2020-1479) | Nessus | Amazon Linux Local Security Checks | medium |
| 139134 | EulerOS 2.0 SP8 : golang (EulerOS-SA-2020-1804) | Nessus | Huawei Local Security Checks | high |
| 139107 | Fedora 31 : golang (2020-d75360e2b0) | Nessus | Fedora Local Security Checks | medium |
| 139105 | Fedora 32 : golang (2020-9cd1204ba0) | Nessus | Fedora Local Security Checks | medium |
| 139020 | openSUSE Security Update : go1.13 (openSUSE-2020-1095) | Nessus | SuSE Local Security Checks | medium |
| 139015 | openSUSE Security Update : go1.13 (openSUSE-2020-1087) | Nessus | SuSE Local Security Checks | medium |