CVE-2020-24619
PUBLISHED
In mainwindow.cpp in Shotcut before 20.09.13, the upgrade check misuses TLS because of setPeerVerifyMode(QSslSocket::VerifyNone). A man-in-the-middle attacker could offer a spoofed download resource.
EPSS 0.19% · 41.4th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:25.10 | shotcut | 25.03.29+ds-1ubuntu1, 0, 25.03.29+ds-1ubuntu2 |
| Ubuntu:22.04:LTS | shotcut | 21.12.24+ds-1, 21.12.21+ds-1, 0 |
| Ubuntu:20.04:LTS | shotcut | 19.12.31-1, 0, 19.12.31-2 |
| Ubuntu:24.04:LTS | shotcut | 24.01.31+ds-1, 23.12.15+git20231218+ds-1, 23.07.29+git20230730+ds-1 |
Timeline
- Sep 22, 2020 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 1, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
References
- https://ubuntu.com/security/CVE-2020-24619 third-party-advisory
- https://github.com/mltframework/shotcut/commit/f008adc039642307f6ee3378d378cdb842e52c1d third-party-advisory
- https://shotcut.org/blog/new-release-200913/ third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2020-24619 third-party-advisory