Main Vulnerability Database SB2020120864

SB2020120864 - Improper validation of certificate with host mismatch in Opencast

Published: December 8, 2020 Updated: April 23, 2026

Security Bulletin ID SB2020120864

CSH Severity

High

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 vulnerability.

1) Improper validation of certificate with host mismatch (CVE-ID: CVE-2020-26234)

The vulnerability allows a remote attacker to conduct man-in-the-middle attacks.

The vulnerability exists due to improper certificate validation in the HTTP client when handling HTTPS requests. A remote attacker can present a certificate with a mismatched hostname to conduct man-in-the-middle attacks.

Remediation

Install update from vendor's website.

References

https://github.com/opencast/opencast/security/advisories/GHSA-44cw-p2hm-gpf6