Vulnerabilities > CVE-2020-14196 - Incorrect Authorization vulnerability in Powerdns Recursor
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
LOW Availability impact
NONE Summary
In PowerDNS Recursor versions up to and including 4.3.1, 4.2.2 and 4.1.16, the ACL restricting access to the internal web server is not properly enforced.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
References
- http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00043.html
- http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00043.html
- http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00042.html
- http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00042.html
- http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00044.html
- http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00044.html
- http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00036.html
- http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00036.html
- https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2020-04.html
- https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2020-04.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7TUNCUZNASYSTVD35QGFAI6XO2BFMQ2F/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7TUNCUZNASYSTVD35QGFAI6XO2BFMQ2F/
- https://www.openwall.com/lists/oss-security/2020/07/01/1
- https://www.openwall.com/lists/oss-security/2020/07/01/1