CVE-2021-31747: Pluck 4.7.15 - Missing SSL Certificate Validation in update_applet.php · Issue #101 · pluck-cms/pluck

A missing SSL certificate validation issue exists in Pluck 4.7.15 in update_applet.php, which could lead to man-in-the-middle attacks.

Issue Summary
Pluck’s update system deliberately skips SSL certificate validation.

Detailed Description
Within update_applet.php is the following code:

        // Dont check ssl certifical
        curl_setopt($geturl, CURLOPT_SSL_VERIFYPEER, false);

This ensures peer SSL certificates are never validated.

Impact
In theory, this vulnerability can make Pluck’s update system susceptible to man-in-the-middle attacks.
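
A hardened form of the curl call quoted above, as an added example that is not Pluck's own code or its fix: certificate and hostname checks stay on, plain HTTP is refused, and any TLS or transport error makes the update check fail closed. The function name `fetch_update_info` and the URL in the usage lines are hypothetical.

```php
<?php
// Added example (not from update_applet.php). Function name and URL are assumptions.

/**
 * Fetch an update document over HTTPS with certificate validation enforced.
 * Returns the response body, or null on any TLS/transport/HTTP failure.
 */
function fetch_update_info(string $url, ?string &$error = null): ?string
{
    $geturl = curl_init($url);
    if ($geturl === false) {
        $error = 'curl_init failed';
        return null;
    }

    curl_setopt_array($geturl, [
        CURLOPT_RETURNTRANSFER  => true,
        // Validate the server's certificate chain against the trusted CA store.
        // The code quoted above sets this to false, which accepts any certificate.
        CURLOPT_SSL_VERIFYPEER  => true,
        // Require the certificate to match the host name being contacted.
        CURLOPT_SSL_VERIFYHOST  => 2,
        // Refuse non-HTTPS URLs, including ones reached through a redirect.
        CURLOPT_PROTOCOLS       => CURLPROTO_HTTPS,
        CURLOPT_REDIR_PROTOCOLS => CURLPROTO_HTTPS,
        CURLOPT_CONNECTTIMEOUT  => 5,
        CURLOPT_TIMEOUT         => 10,
    ]);

    $body = curl_exec($geturl);
    if ($body === false) {
        // Certificate problems surface here; do not retry with checks disabled.
        $error = curl_error($geturl);
        return null;
    }

    $status = curl_getinfo($geturl, CURLINFO_HTTP_CODE);
    if ($status !== 200) {
        $error = "unexpected HTTP status $status";
        return null;
    }
    return $body;
}

// Usage with a placeholder URL: a failed check is logged and the update step is skipped.
$error = null;
$body = fetch_update_info('https://updates.example.invalid/latest', $error);
if ($body === null) {
    error_log("Update check skipped: $error");
}
```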
