Описание
It was found that apt-key in apt, all versions, do not correctly validate gpg keys with the master keyring, leading to a potential man-in-the-middle attack.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| apt | unfixed | package |
Примечания
Not exploitable in Debian, since no keyring URI is defined
Связанные уязвимости
CVSS3: 3.7
ubuntu
около 6 лет назад
It was found that apt-key in apt, all versions, do not correctly validate gpg keys with the master keyring, leading to a potential man-in-the-middle attack.
CVSS3: 3.7
nvd
около 6 лет назад
It was found that apt-key in apt, all versions, do not correctly validate gpg keys with the master keyring, leading to a potential man-in-the-middle attack.
CVSS3: 3.7
github
почти 4 года назад
It was found that apt-key in apt, all versions, do not correctly validate gpg keys with the master keyring, leading to a potential man-in-the-middle attack.