6.5

CVE-2015-4082

Exploit

EPSS 0.86%
Veröffentlicht 18.08.2017 16:29:00
Zuletzt bearbeitet 20.04.2025 01:37:25
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

attic before 0.15 does not confirm unencrypted backups with the user, which allows remote attackers with read and write privileges for the encrypted repository to obtain potentially sensitive information by changing the manifest type byte of the repository to "unencrypted / without key file".

Betroffene Produkte Warnungen 0 Metriken 3 CWE 0 Referenzen 7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Attic Project ≫ Attic Version <= 0.14

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.86%	0.729

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	4	8	2.9	AV:N/AC:L/Au:S/C:P/I:N/A:N

Es wurden noch keine Informationen zu CWE veröffentlicht.

http://www.openwall.com/lists/oss-security/2015/05/31/3

Third Party Advisory

Mailing List

http://www.securityfocus.com/bid/74821

Third Party Advisory

VDB Entry

https://github.com/jborg/attic/commit/78f9ad1faba7193ca7f0acccbc13b1ff6ebf9072

Third Party Advisory

https://github.com/jborg/attic/issues/271

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2015-4082

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2015-4082

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2015-4082

EUVD