Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2023-31484

Date: April 27, 2023

CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS. Converted from WS-2023-0109, on 2023-04-30.

Language: Perl

Severity Score

Related Resources (17)

https://access.redhat.com/security/cve/CVE-2023-31484
https://nvd.nist.gov/vuln/detail/CVE-2023-31484
https://metacpan.org/dist/CPAN/changes
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BM6UW55CNFUTNGD5ZRKGUKKKFDJGMFHL/
http://www.openwall.com/lists/oss-security/2023/04/29/1
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BM6UW55CNFUTNGD5ZRKGUKKKFDJGMFHL/
https://blog.hackeriet.no/perl-http-tiny-insecure-tls-default-affects-cpan-modules/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LEGCEOKFJVBJ2QQ6S2H4NAEWTUERC7SB/
http://www.openwall.com/lists/oss-security/2023/05/07/2
http://www.openwall.com/lists/oss-security/2023/05/03/3
https://security-tracker.debian.org/tracker/CVE-2023-31484
https://security.netapp.com/advisory/ntap-20240621-0007/
https://www.openwall.com/lists/oss-security/2023/04/18/14
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LEGCEOKFJVBJ2QQ6S2H4NAEWTUERC7SB/
https://github.com/andk/cpanpm/pull/175
http://www.openwall.com/lists/oss-security/2023/05/03/5
https://www.mend.io/vulnerability-database/CVE-2023-31484

Severity Score

Weakness Type (CWE)

Improper Certificate Validation

CWE-295

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): HIGH
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): HIGH
Integrity (I): HIGH
Availability (A): HIGH

Do you need more information?

Contact Us