CVE-2020-19003

MEDIUM

Gate One 1.2.0 - Authentication Bypass via Origin Verification Spoofing

Title source: llm
STIX 2.1

Description

An issue in Gate One 1.2.0 allows attackers to bypass to the verification check done by the origins list and connect to Gate One instances used by hosts not on the origins list.

References (2)

Core 2
Core References
Exploit, Issue Tracking, Third Party Advisory x_refsource_misc
https://github.com/liftoff/GateOne/issues/728
Technical Description x_refsource_misc
https://cwe.mitre.org/data/definitions/290.html

Scores

CVSS v3 5.3
EPSS 0.0076
EPSS Percentile 50.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Details

CWE
CWE-290
Status published
Products (2)
liftoffsoftware/gate_one 1.2.0
pypi/gateone 0PyPI
Published Oct 06, 2021
Tracked Since Feb 18, 2026