Bug 1841041 (CVE-2020-10754)
Summary: | CVE-2020-10754 NetworkManager: user configuration not honoured leaving the connection unauthenticated via insecure defaults | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | msiddiqu |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | acardace, atragler, bgalvani, dcbw, fgiudici, gnome-sig, john.j5live, lkundrak, lrintel, mclasen, nm-team, rhughes, rkhan, rstrode, sandmann, security-response-team, sukulkar, thaller, till |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | NetworkManager 1.24.2 | Doc Type: | If docs needed, set a value |
Doc Text: |
A flaw was found in nmcli, where the command-line interface to the NetworkManager did not accept the 802-1x.ca-path and 802-1x.phase2-ca-path settings when creating a new profile. When a user connects to a network using this profile, the authentication does not happen and an insecure connection occurs.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2020-07-21 13:27:57 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1841395, 1841397, 1841398, 1843360, 1910627 | ||
Bug Blocks: | 1840621 |
Description
msiddiqu
2020-05-28 08:28:13 UTC
Created NetworkManager tracking bugs for this issue: Affects: fedora-all [bug 1841395] Upstream patch: https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/commit/8affcc19b61fc3c516474ba075e61b82030feeb4 FEDORA-2020-3857463d30 has been pushed to the Fedora 32 stable repository. If problem still persists, please make note of it in this bug report. NetworkManager-1.20.12-1.fc31 has been pushed to the Fedora 31 stable repository. If problems still persist, please make note of it in this bug report. This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:3011 https://access.redhat.com/errata/RHSA-2020:3011 This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-10754 This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:4003 https://access.redhat.com/errata/RHSA-2020:4003 |