VDB
ALPINE-CVE-2020-15078
ALPINE-CVE-2020-15078
PUBLISHED
CVSS 7.5 HIGH
OpenVPN 2.5.1 and earlier versions allows a remote attackers to bypass authentication and access control channel data on servers configured with deferred authentication, which can be used to potentially trigger further information leaks.
Risk Scores
CVSS v3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Alpine:v3.16 | openvpn | 2.0.9-r0, 2.0.9-r1, 2.0.9-r2 |
| Alpine:v3.15 | openvpn | 2.4.6-r2, 2.5.0-r1, 2.5.0-r0 |
| Alpine:v3.19 | openvpn | 2.5.1-r0, 2.5.0-r1, 2.5.0-r0 |
| Alpine:v3.23 | openvpn | 0, 2.0.9-r0, 2.0.9-r2 |
| Alpine:v3.18 | openvpn | 2.4.8-r3, 2.4.8-r2, 2.4.8-r1 |
| Alpine:v3.13 | openvpn | 2.3.10-r0, 2.3.10-r0, 2.3.10-r1 |
| Alpine:v3.11 | openvpn | 0, 2.0.9-r0, 2.0.9-r1 |
| Alpine:v3.14 | openvpn | 2.3.5-r0, 0, 2.0.9-r0 |
| Alpine:v3.20 | openvpn | 2.3.12-r0, 2.5.1-r0, 2.5.0-r1 |
| Alpine:v3.12 | openvpn | 2.4.7-r1, 0, 2.0.9-r0 |
| Alpine:v3.22 | openvpn | 2.3.6-r0, 2.3.12-r1, 2.3.2-r2 |
| Alpine:v3.21 | openvpn | 2.4.4-r1, 2.5.1-r0, 2.5.0-r1 |
| Alpine:v3.17 | openvpn | 2.4.6-r2, 2.4.6-r1, 2.4.6-r0 |
| Alpine:v3.10 | openvpn | 0, 2.0.9-r0, 2.0.9-r1 |
Timeline
- Apr 26, 2021 CVE Published
- Dec 3, 2025 CVE Updated
- Apr 30, 2026 Distribution Patch