3.2

CVE-2013-1923

rpc-gssd in nfs-utils before 1.2.8 performs reverse DNS resolution for server names during GSSAPI authentication, which might allow remote attackers to read otherwise-restricted files via DNS spoofing attacks.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux-nfsNfs-utils Version <= 1.2.7
Linux-nfsNfs-utils Version1.2.0
Linux-nfsNfs-utils Version1.2.1
Linux-nfsNfs-utils Version1.2.2
Linux-nfsNfs-utils Version1.2.3
Linux-nfsNfs-utils Version1.2.4
Linux-nfsNfs-utils Version1.2.5
Linux-nfsNfs-utils Version1.2.6
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.4% 0.595
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 3.2 3.2 4.9
AV:A/AC:H/Au:N/C:P/I:P/A:N
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.