CVE-2020-27589

HIGH EPSS 61.9%
Published Nov 6, 2020 (5y ago) · Modified Jun 17, 2026 (2w ago)
7.5 CVSS 3.1
High

Description

Synopsys hub-rest-api-python (aka blackduck on PyPI) versions 0.0.25 through 0.0.52 does not validate SSL certificates in certain cases.

CVSS Details

Base Score: 7.5
Exploitability: 3.9
Impact: 3.6
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: High
Availability: None

Threat Intelligence

EPSS Exploit Probability
61.9% percentile
Exploit & Patch Status
Public Exploit Known
Patch Available

Weaknesses 1

CWE-295

Affected Products 1

Vendor | Product | Version | Range
synopsys | hub-rest-api-python | * | ≥0.0.25 – ≤0.0.52

References 5

  • community.synopsys.com https://community.synopsys.com/s/question/0D52H00005JCZAXSA5/announcement-black-duck-defect-identified
    Vendor Advisory
  • github.com https://github.com/blackducksoftware/hub-rest-api-python
    Third Party Advisory
  • github.com https://github.com/blackducksoftware/hub-rest-api-python/pull/113/commits/273b27d0de1004389dd8cf43c40b1197c787e7cd
    Patch, Third Party Advisory
  • pypi.org https://pypi.org/project/blackduck/
    Third Party Advisory
  • optiv.com https://www.optiv.com/explore-optiv-insights/source-zero/certificate-validation-disabled-black-duck-api-wrapper
    Exploit, Third Party Advisory

Remediation

  • github.com https://github.com/blackducksoftware/hub-rest-api-python/pull/113/commits/273b27d0de1004389dd8cf43c40b1197c787e7cd
    Patch, Third Party Advisory