CVE-2024-28872: Incorrect TLS certificate validation can lead to escalated privileges

ISC BIND Security Advisory

CVE: CVE-2024-28872
Title: Incorrect TLS certificate validation can lead to escalated privileges
Document version: 1.0
Posting date: 27 March 2024
Program impacted: Stork
Versions affected:
Stork 0.15.0 -> 1.15.0

Severity: High
Exploitable: Remotely
Description:
The TLS certificate validation code is flawed. An attacker can obtain a TLS certificate from the Stork server and use it to connect to the Stork agent. Once this connection is established with the valid certificate, the attacker can se …
