Описание
gpg (aka GnuPG) 1.0.4 and other versions imports both public and private keys from public key servers without notifying the user about the private keys, which could allow an attacker to break the web of trust.
Дополнительная информация
https://bugzilla.redhat.com/show_bug.cgi?id=1616565security flaw
EPSS
Процентиль: 76%
0.0096
Низкий
Связанные уязвимости
nvd
почти 25 лет назад
gpg (aka GnuPG) 1.0.4 and other versions imports both public and private keys from public key servers without notifying the user about the private keys, which could allow an attacker to break the web of trust.
github
почти 4 года назад
gpg (aka GnuPG) 1.0.4 and other versions imports both public and private keys from public key servers without notifying the user about the private keys, which could allow an attacker to break the web of trust.
EPSS
Процентиль: 76%
0.0096
Низкий