pdns-recursor: Access restriction bypass (CVE-2020-14196)
An issue has been found in PowerDNS Recursor where the ACL applied to the internal web server via webserver-allow-from is not properly enforced, allowing a remote attacker to send HTTP queries to the internal web server, bypassing the restriction.
- Affects: PowerDNS Recursor up to and including 4.3.1, 4.2.2 and 4.1.16
- Not affected: 4.3.2, 4.2.3, 4.1.17
Reference:
https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2020-04.html