CVE-2015-4082

Exploit

EPSS 2.47%
Veröffentlicht 18.08.2017 16:29:00
Zuletzt bearbeitet 13.05.2026 00:24:29
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

attic before 0.15 does not confirm unencrypted backups with the user, which allows remote attackers with read and write privileges for the encrypted repository to obtain potentially sensitive information by changing the manifest type byte of the repository to "unencrypted / without key file".

Betroffene Produkte Warnungen 0 Metriken 3 CWE 0 Referenzen 7

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Attic Project ≫ Attic Version <= 0.14

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	2.47%	0.824

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	4	8	2.9	AV:N/AC:L/Au:S/C:P/I:N/A:N

Es wurden noch keine Informationen zu CWE veröffentlicht.

http://www.openwall.com/lists/oss-security/2015/05/31/3

Third Party Advisory

Mailing List

http://www.securityfocus.com/bid/74821

Third Party Advisory

VDB Entry

https://github.com/jborg/attic/commit/78f9ad1faba7193ca7f0acccbc13b1ff6ebf9072

Third Party Advisory

https://github.com/jborg/attic/issues/271

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2015-4082

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2015-4082

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2015-4082

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2015-4082