CVE-2019-12875

Опубликовано: 18 июн. 2019

Источник: nvd

CVSS3: 6.5

CVSS2: 4

EPSS Низкий

Описание

Alpine Linux abuild through 3.4.0 allows an unprivileged member of the abuild group to add an untrusted package via a --keys-dir option that causes acceptance of an untrusted signing key.

Ссылки

https://code.foxkit.us/adelie/packages/commit/15b160780c6eeff7048063c099a7f8757e1d8391
Patch
Third Party Advisory
https://github.com/sroracle/abuild/commit/4f90ce92778d0ee302e288def75591b96a397c8b
Patch
Third Party Advisory
https://security.netapp.com/advisory/ntap-20190625-0005/
https://code.foxkit.us/adelie/packages/commit/15b160780c6eeff7048063c099a7f8757e1d8391
Patch
Third Party Advisory
https://github.com/sroracle/abuild/commit/4f90ce92778d0ee302e288def75591b96a397c8b
Patch
Third Party Advisory
https://security.netapp.com/advisory/ntap-20190625-0005/

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:alpinelinux:abuild:*:*:*:*:*:*:*:*

Версия до 3.4.0 (включая)

EPSS

Процентиль: 50%

0.00269

Низкий

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-668

Связанные уязвимости

GHSA-w7j5-c963-67j3

github

больше 3 лет назад