CVE-2013-7110

Transifex <0.10 - Man-in-the-Middle

Title source: llm
STIX 2.1

Description

Transifex command-line client before 0.10 does not validate X.509 certificates for data transfer connections, which allows man-in-the-middle attackers to spoof a Transifex server via an arbitrary certificate. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-2073.

References (3)

Core 3
Core References
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2013/12/13/5
Issue Tracking x_refsource_confirm
https://github.com/transifex/transifex-client/issues/42
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2013/12/15/3

Scores

EPSS 0.0083
EPSS Percentile 53.2%

Details

CWE
CWE-20
Status published
Products (10)
pypi/transifex-client 0 - 0.10PyPI
transifex/transifex 0.1
transifex/transifex 0.2
transifex/transifex 0.3
transifex/transifex 0.4
transifex/transifex 0.5
transifex/transifex 0.6
transifex/transifex 0.7
transifex/transifex 0.8
transifex/transifex < 0.9
Published May 02, 2014
Tracked Since Feb 18, 2026