Описание
The FTP backend for Duplicity before 0.4.9 sends the password as a command line argument when calling ncftp, which might allow local users to read the password by listing the process and its arguments.
Ссылки
- Third Party Advisory
- Broken Link
- Broken Link
- Third Party Advisory
- Third Party AdvisoryVDB Entry
- Issue TrackingThird Party Advisory
- Third Party Advisory
- Third Party Advisory
- Third Party Advisory
- Broken Link
- Broken Link
- Third Party Advisory
- Third Party AdvisoryVDB Entry
- Issue TrackingThird Party Advisory
- Third Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 0.4.9 (исключая)
cpe:2.3:a:duplicity_project:duplicity:*:*:*:*:*:*:*:*
EPSS
Процентиль: 28%
0.00098
Низкий
4.6 Medium
CVSS2
Дефекты
CWE-200
Связанные уязвимости
ubuntu
около 18 лет назад
The FTP backend for Duplicity before 0.4.9 sends the password as a command line argument when calling ncftp, which might allow local users to read the password by listing the process and its arguments.
debian
около 18 лет назад
The FTP backend for Duplicity before 0.4.9 sends the password as a com ...
github
больше 3 лет назад
FTP backend for Duplicity Discloses Passwords to Process Listing
EPSS
Процентиль: 28%
0.00098
Низкий
4.6 Medium
CVSS2
Дефекты
CWE-200