CVE-2026-41132
EPSS 0.01%CKAN has no certificate validation on STMP connection
發布日:2026/4/29修改日:2026/5/14
描述
### Impact Configured SMTP server may be spoofed with any certificate (e.g. self-signed), leaving credentials and all emails sent open to MITM attacks. ### Patches The vulnerability has been patched in CKAN 2.10.10 and CKAN 2.11.5
受影響套件(1)
- PyPI/ckan>= 2.11.0, < 2.11.5
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U |