How severe is CVE-2020-25684?

This vulnerability has a severity rating of LOW with a CVSS score of 3.7 out of 10.

What type of vulnerability is CVE-2020-25684?

This is classified as CWE-358, which is a common weakness in software security.

CVE-2020-25684

LOW Year: 2020

CVSS v3 Score

3.7

Low

CVSS v2 Score

4.3

Medium

Weakness Type

CWE-358

View all →

Vulnerability Description

A flaw was found in dnsmasq before version 2.83. When getting a reply from a forwarded query, dnsmasq checks in the forward.c:reply_query() if the reply destination address/port is used by the pending forwarded queries. However, it does not use the address/port to retrieve the exact forwarded query, substantially reducing the number of attempts an attacker on the network would have to perform to forge a reply and get it accepted by dnsmasq. This issue contrasts with RFC5452, which specifies a query's attributes that all must be used to match a reply. This flaw allows an attacker to perform a DNS Cache Poisoning attack. If chained with CVE-2020-25685 or CVE-2020-25686, the attack complexity of a successful attack is reduced. The highest threat from this vulnerability is to data integrity.

CVE-2020-25686

LOW

CVSS:3.7(Low)

A flaw was found in dnsmasq before version 2.83. When receiving a query, dnsmasq does not check for an existing pending request for the same name and forwards a new request. By default, a maximum of 1...

CWE-3582020

CVE-2024-36511

LOW

CVSS:3.7(Low)

An improperly implemented security check for standard vulnerability [CWE-358] in FortiADC Web Application Firewall (WAF) 7.4.0 through 7.4.4, 7.2 all versions, 7.1 all versions, 7.0 all versions, 6.2 ...

CWE-3582024

CVE-2021-3448

MEDIUM

CVSS:4.0(Medium)

A flaw was found in dnsmasq in versions before 2.85. When configured to use a specific server for a given network interface, dnsmasq uses a fixed port while forwarding queries. An attacker on the netw...

CWE-3582021

CVE-2017-2604

MEDIUM

CVSS:4.3(Medium)

In Jenkins before versions 2.44, 2.32.2 low privilege users were able to act on administrative monitors due to them not being consistently protected by permission checks (SECURITY-371).

CWE-3582017

CVE-2017-2611

MEDIUM

CVSS:4.3(Medium)

Jenkins before versions 2.44, 2.32.2 is vulnerable to an insufficient permission check for periodic processes (SECURITY-389). The URLs /workspaceCleanup and /fingerprintCleanup did not perform permiss...

CWE-3582017

CVE-2020-10743

MEDIUM

CVSS:4.3(Medium)

It was discovered that OpenShift Container Platform's (OCP) distribution of Kibana could open in an iframe, which made it possible to intercept and manipulate requests. This flaw allows an attacker to...

CWE-3582020

CVE-2020-25684

Vulnerability Description

Related Vulnerabilities

CVE-2020-25686

CVE-2024-36511

CVE-2021-3448

CVE-2017-2604

CVE-2017-2611

CVE-2020-10743