CVE-2020-24714: Scalyr Agent Missing SSL Certificate Validation
CVSS Score: 9.8 (CVSS 3.1)
Basic Information
CVE ID: CVE-2020-24714
GHSA ID
EPSS Score: 0.44836%
CWE
Published: 5/24/2022
Updated: 10/22/2024
KEV Status: No
Technology: Python
Technical Details
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
---|---|---|---|
scalyr-agent-2 | pip | < 2.1.10 | 2.1.10 |
Vulnerability Intelligence
Miggo AI
Root Cause Analysis
The patches indicate a significant overhaul of TLS connection handling in the Scalyr Agent, moving away from tlslite and towards Python's standard ssl module. This change addresses the Missing SSL Certificate Validation vulnerability by ensuring that certificate validation and hostname verification are performed during TLS connections.
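The difference the analysis above describes, shown with Python's standard ssl module as an added example; this is not Scalyr Agent code and is not taken from the patches. The function names, the `ca_file` parameter and the audit helper are hypothetical, and the unverified context is a constructed "before" case.

```python
import socket
import ssl
from typing import List, Optional


def unverified_context() -> ssl.SSLContext:
    """Constructed 'before' case: traffic is encrypted, but the peer is never authenticated."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # has to be cleared before verify_mode can be CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE  # any certificate, from any issuer, is accepted
    return ctx


def verified_context(ca_file: Optional[str] = None) -> ssl.SSLContext:
    """Corrected case: chain validation plus hostname verification.

    ca_file is an optional PEM bundle (hypothetical parameter); None uses the system trust store.
    """
    return ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=ca_file)


def audit_context(ctx: ssl.SSLContext) -> List[str]:
    """Return the validation checks a client context is missing (empty list means none)."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("certificate chain is not validated")
    if not ctx.check_hostname:
        findings.append("hostname is not checked against the certificate")
    return findings


def open_verified(host: str, port: int = 443, ca_file: Optional[str] = None) -> ssl.SSLSocket:
    """Connect only with a context that passes the audit; raises ssl.SSLCertVerificationError
    when the server's chain or name does not validate."""
    ctx = verified_context(ca_file)
    problems = audit_context(ctx)
    if problems:
        raise RuntimeError("refusing to connect: " + "; ".join(problems))
    raw = socket.create_connection((host, port), timeout=10)
    try:
        # server_hostname is the name checked against the certificate (and sent as SNI)
        return ctx.wrap_socket(raw, server_hostname=host)
    except Exception:
        raw.close()
        raise
```

`audit_context` can be run against any `ssl.SSLContext` a client builds, for example in a unit test that fails when verification has been switched off.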