exploitDog

GHSA-238c-q9xh-vxf4

Опубликовано: 30 апр. 2022

Источник: github

Github: Не прошло ревью

Описание

The default --checksig setting in RPM Package Manager 4.0.4 checks that a package's signature is valid without listing who signed it, which can allow remote attackers to make it appear that a malicious package comes from a trusted source.

The default --checksig setting in RPM Package Manager 4.0.4 checks that a package's signature is valid without listing who signed it, which can allow remote attackers to make it appear that a malicious package comes from a trusted source.

Ссылки

EPSS

Процентиль: 71%

0.00717

Низкий

CVE ID

Связанные уязвимости

CVE-2002-2204

nvd

больше 22 лет назад

The default --checksig setting in RPM Package Manager 4.0.4 checks that a package's signature is valid without listing who signed it, which can allow remote attackers to make it appear that a malicious package comes from a trusted source.

CVE-2002-2204

debian

больше 22 лет назад

The default --checksig setting in RPM Package Manager 4.0.4 checks tha ...

EPSS

Процентиль: 71%

0.00717

Низкий

CVE ID