Описание
Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, when GnuPG is enabled with a "Sign by default" queue configuration, uses a queue's key for signing, which might allow remote attackers to spoof messages by leveraging the lack of authentication semantics.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| esm-infra-legacy/trusty | DNE | |
| lucid | ignored | end of life |
| precise | ignored | end of life |
| precise/esm | DNE | precise was needed |
| quantal | DNE | |
| raring | DNE | |
| saucy | DNE | |
| trusty | DNE | |
| trusty/esm | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | 4.0.13-1 |
| esm-apps/xenial | not-affected | 4.0.13-1 |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was not-affected [4.0.13-1]] |
| lucid | DNE | |
| precise | ignored | end of life |
| precise/esm | DNE | precise was needed |
| quantal | ignored | end of life |
| raring | ignored | end of life |
| saucy | not-affected | 4.0.13-1 |
| trusty | not-affected | 4.0.13-1 |
Показывать по
EPSS
4.3 Medium
CVSS2
Связанные уязвимости
Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, when GnuPG is enabled with a "Sign by default" queue configuration, uses a queue's key for signing, which might allow remote attackers to spoof messages by leveraging the lack of authentication semantics.
Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8 ...
Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, when GnuPG is enabled with a "Sign by default" queue configuration, uses a queue's key for signing, which might allow remote attackers to spoof messages by leveraging the lack of authentication semantics.
EPSS
4.3 Medium
CVSS2