Описание
GnuPG 2.2.4 and 2.2.5 does not enforce a configuration in which key certification requires an offline master Certify key, which results in apparently valid certifications that occurred only with access to a signing subkey.
| Релиз | Статус | Примечание |
|---|---|---|
| artful | DNE | |
| bionic | DNE | |
| devel | DNE | |
| esm-infra-legacy/trusty | not-affected | |
| esm-infra/xenial | not-affected | |
| precise/esm | not-affected | |
| trusty | not-affected | |
| trusty/esm | not-affected | |
| upstream | released | 2.2.6 |
| xenial | not-affected |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| artful | not-affected | 2.1.15-1ubuntu8 |
| bionic | released | 2.2.4-1ubuntu1.1 |
| devel | released | 2.2.8-1ubuntu1 |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was not-affected [2.0.22-3ubuntu1.3]] |
| esm-infra/bionic | released | 2.2.4-1ubuntu1.1 |
| esm-infra/xenial | not-affected | 2.1.11-6ubuntu2 |
| precise/esm | DNE | |
| trusty | not-affected | 2.0.22-3ubuntu1.3 |
| trusty/esm | DNE | trusty was not-affected [2.0.22-3ubuntu1.3] |
| upstream | released | 2.2.6 |
Показывать по
EPSS
5 Medium
CVSS2
7.5 High
CVSS3
Связанные уязвимости
GnuPG 2.2.4 and 2.2.5 does not enforce a configuration in which key certification requires an offline master Certify key, which results in apparently valid certifications that occurred only with access to a signing subkey.
GnuPG 2.2.4 and 2.2.5 does not enforce a configuration in which key certification requires an offline master Certify key, which results in apparently valid certifications that occurred only with access to a signing subkey.
GnuPG 2.2.4 and 2.2.5 does not enforce a configuration in which key ce ...
GnuPG 2.2.4 and 2.2.5 does not enforce a configuration in which key certification requires an offline master Certify key, which results in apparently valid certifications that occurred only with access to a signing subkey.
EPSS
5 Medium
CVSS2
7.5 High
CVSS3