6.2

CVE-2016-8889

In Bitcoin Knots v0.11.0.ljr20150711 through v0.13.0.knots20160814 (fixed in v0.13.1.knots20161027), the debug console stores sensitive information including private keys and the wallet passphrase in its persistent command history.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Bitcoin Knots ProjectBitcoin Knots Version0.11.0 Updaterc1
Bitcoin Knots ProjectBitcoin Knots Version0.11.0 Updaterc2
Bitcoin Knots ProjectBitcoin Knots Version0.11.0 Updaterc3
Bitcoin Knots ProjectBitcoin Knots Version0.11.1 Updaterc1
Bitcoin Knots ProjectBitcoin Knots Version0.11.1 Updaterc2
Bitcoin Knots ProjectBitcoin Knots Version0.11.2 Updaterc1
Bitcoin Knots ProjectBitcoin Knots Version0.12.0 Updaterc1
Bitcoin Knots ProjectBitcoin Knots Version0.12.0 Updaterc2
Bitcoin Knots ProjectBitcoin Knots Version0.12.0 Updaterc3
Bitcoin Knots ProjectBitcoin Knots Version0.12.0 Updaterc4
Bitcoin Knots ProjectBitcoin Knots Version0.12.0 Updaterc5
Bitcoin Knots ProjectBitcoin Knots Version0.12.0.knots20160226 Updaterc1
Bitcoin Knots ProjectBitcoin Knots Version0.12.1.knots20160629 Updaterc2
Bitcoin Knots ProjectBitcoin Knots Version0.13.0.knots20160814
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.09% 0.219
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.2 2.5 3.6
CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov 2.1 3.9 2.9
AV:L/AC:L/Au:N/C:P/I:N/A:N
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

http://www.securityfocus.com/bid/94235
Third Party Advisory
VDB Entry
https://bitcointalk.org/index.php?topic=1618462.0
Third Party Advisory
Mitigation