From 0af86a8288fb5980f2283d4af36fb6308b7aaa11 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Tue, 8 Dec 2020 23:01:55 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2020/26xxx/CVE-2020-26234.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/2020/26xxx/CVE-2020-26234.json b/2020/26xxx/CVE-2020-26234.json index a2832a1b13d..4df57adcf45 100644 --- a/2020/26xxx/CVE-2020-26234.json +++ b/2020/26xxx/CVE-2020-26234.json @@ -38,7 +38,7 @@ "description_data": [ { "lang": "eng", - "value": "Opencast before versions 8.9 and 7.9 disables HTTPS hostname verification of its HTTP client used for a large portion of Opencast's HTTP requests.\n\nHostname verification is an important part when using HTTPS to ensure that the presented certificate is valid for the host. Disabling it can allow for man-in-the-middle attacks.\n\nThis problem is fixed in Opencast 7.9 and Opencast 8.8\n\nPlease be aware that fixing the problem means that Opencast will not simply accept any self-signed certificates any longer without properly importing them. If you need those, please make sure to import them into the Java key store. Better yet, get a valid certificate." + "value": "Opencast before versions 8.9 and 7.9 disables HTTPS hostname verification of its HTTP client used for a large portion of Opencast's HTTP requests. Hostname verification is an important part when using HTTPS to ensure that the presented certificate is valid for the host. Disabling it can allow for man-in-the-middle attacks. This problem is fixed in Opencast 7.9 and Opencast 8.8 Please be aware that fixing the problem means that Opencast will not simply accept any self-signed certificates any longer without properly importing them. If you need those, please make sure to import them into the Java key store. Better yet, get a valid certificate." } ] },