CVE-2020-24619

In mainwindow.cpp in Shotcut before 20.09.13, the upgrade check misuses TLS because of setPeerVerifyMode(QSslSocket::VerifyNone). A man-in-the-middle attacker could offer a spoofed download resource.
Configurations

Configuration 1

cpe:2.3:a:meltytech:shotcut:*:*:*:*:*:*:*:*

Information

Published : 2020-09-22 12:15

Updated : 2021-07-21 11:39


NVD link : CVE-2020-24619

Mitre link : CVE-2020-24619

Products Affected
No products.
CWE
CWE-295

Improper Certificate Validation