CVE-2020-19003
Verification check bypass in Gate One
5.3
MEDIUM
CVSS 3.1
EPSS 0.21%
Description
An issue in Gate One 1.2.0 allows attackers to bypass to the verification check done by the origins list and connect to Gate One instances used by hosts not on the origins list.
How to fix CVE-2020-19003
No fixed version has been published yet. Mitigate by removing the affected package or applying upstream guidance from the references below.
- PyPI/gateone—no fix listed
- —no fix listed
Is CVE-2020-19003 being exploited?
Low — EPSS is 0.2%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, <= 1.2.0
- from 0
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N |
| osv | CVSS 3.1 | MEDIUM5.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |