CVE-2015-4082

Опубликовано: 18 авг. 2017

Источник: nvd

CVSS3: 6.5

CVSS2: 4

EPSS Низкий

Описание

attic before 0.15 does not confirm unencrypted backups with the user, which allows remote attackers with read and write privileges for the encrypted repository to obtain potentially sensitive information by changing the manifest type byte of the repository to "unencrypted / without key file".

Ссылки

http://www.openwall.com/lists/oss-security/2015/05/31/3
Mailing List
Third Party Advisory
http://www.securityfocus.com/bid/74821
Third Party Advisory
VDB Entry
https://github.com/jborg/attic/commit/78f9ad1faba7193ca7f0acccbc13b1ff6ebf9072
Third Party Advisory
https://github.com/jborg/attic/issues/271
Exploit
Third Party Advisory
http://www.openwall.com/lists/oss-security/2015/05/31/3
Mailing List
Third Party Advisory
http://www.securityfocus.com/bid/74821
Third Party Advisory
VDB Entry
https://github.com/jborg/attic/commit/78f9ad1faba7193ca7f0acccbc13b1ff6ebf9072
Third Party Advisory
https://github.com/jborg/attic/issues/271
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:attic_project:attic:*:*:*:*:*:*:*:*

Версия до 0.14 (включая)

EPSS

Процентиль: 75%

0.00858

Низкий

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-264

Связанные уязвимости

CVE-2015-4082

CVSS3: 6.5

ubuntu

больше 8 лет назад

CVE-2015-4082

CVSS3: 6.5

debian

больше 8 лет назад

attic before 0.15 does not confirm unencrypted backups with the user, ...

GHSA-5x6q-ffwj-8vcf

CVSS3: 6.5

github

больше 3 лет назад

attic has improper verification of unencrypted backups

EPSS

Процентиль: 75%

0.00858

Низкий

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-264