Back to search
CVE-2020-14341
Published: Jan 12, 2021
Modified: Aug 4, 2024
PUBLISHED
Description
The "Test Connection" available in v7.x of the Red Hat Single Sign On application console can permit an authorized user to cause SMTP connections to be attempted to arbitrary hosts and ports of the user's choosing, and originating from the RHSSO installation. By observing differences in the timings of these scans, an attacker may glean information about hosts and ports which they do not have access to scan directly.
| Vendor | Product | Versions |
|---|---|---|
Red Hat | Red Hat Single Sign-On | affected v7.x |
Weaknesses (CWE)
References
https://bugzilla.redhat.com/show_bug.cgi?id=1860138
x_refsource_CONFIRM
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now