Cyberduck and Mountain Duck improperly handle TLS certificate pinning for untrusted certificates (e.g., self-signed), unnecessarily installing it to the Windows Certificate Store of the current user without any restrictions. This issue affects Cyberduck through 9.1.6 and Mountain Duck through 4.17.5.
| Балл | 8 — высокая |
| Вектор | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N |