CVE-2020-14196
MEDIUM
PowerDNS Recursor <= 4.1.16 - Incorrect Authorization
Title source: llm
Description
In PowerDNS Recursor versions up to and including 4.3.1, 4.2.2 and 4.1.16, the ACL restricting access to the internal web server is not properly enforced.
References (7)
Core References
Mailing List, Release Notes, Third Party Advisory x_refsource_confirm
https://www.openwall.com/lists/oss-security/2020/07/01/1
Vendor Advisory x_refsource_confirm
https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2020-04.html
Third Party Advisory vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00043.html
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00042.html
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7TUNCUZNASYSTVD35QGFAI6XO2BFMQ2F/
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00044.html
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00036.html
Scores
CVSS v3
5.3
EPSS
0.0169
EPSS Percentile
74.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Details
CWE
CWE-863
Status
published
Products (1)
powerdns/recursor
< 4.1.16
Published
Jul 01, 2020
Tracked Since
Feb 18, 2026