Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2018-1000022

Опубликовано: 09 фев. 2018
Источник: debian
EPSS Низкий

Описание

Electrum Technologies GmbH Electrum Bitcoin Wallet version prior to version 3.0.5 contains a Missing Authorization vulnerability in JSONRPC interface that can result in Bitcoin theft, if the user's wallet is not password protected. This attack appear to be exploitable via The victim must visit a web page with specially crafted javascript. This vulnerability appears to have been fixed in 3.0.5.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
electrumfixed3.0.5-1package
electrumnot-affectedjessiepackage

Примечания

  • https://github.com/spesmilo/electrum/issues/3374

  • https://www.openwall.com/lists/oss-security/2018/01/10/4

EPSS

Процентиль: 56%
0.00333
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2018-1000022

CVSS3: 5.3
ubuntu
почти 8 лет назад

Electrum Technologies GmbH Electrum Bitcoin Wallet version prior to version 3.0.5 contains a Missing Authorization vulnerability in JSONRPC interface that can result in Bitcoin theft, if the user's wallet is not password protected. This attack appear to be exploitable via The victim must visit a web page with specially crafted javascript. This vulnerability appears to have been fixed in 3.0.5.

nvd логотип

CVE-2018-1000022

CVSS3: 5.3
nvd
почти 8 лет назад

Electrum Technologies GmbH Electrum Bitcoin Wallet version prior to version 3.0.5 contains a Missing Authorization vulnerability in JSONRPC interface that can result in Bitcoin theft, if the user's wallet is not password protected. This attack appear to be exploitable via The victim must visit a web page with specially crafted javascript. This vulnerability appears to have been fixed in 3.0.5.

github логотип

GHSA-7hrg-9m3r-2cqv

CVSS3: 5.3
github
больше 3 лет назад

Electrum Technologies GmbH Electrum Bitcoin Wallet version prior to version 3.0.5 contains a Missing Authorization vulnerability in JSONRPC interface that can result in Bitcoin theft, if the user's wallet is not password protected. This attack appear to be exploitable via The victim must visit a web page with specially crafted javascript. This vulnerability appears to have been fixed in 3.0.5.

EPSS

Процентиль: 56%
0.00333
Низкий