CVE-2018-1000828

EPSS 0.25%
Veröffentlicht 20.12.2018 15:29:01
Zuletzt bearbeitet 21.11.2024 03:40:26
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

FrostWire version <= frostwire-desktop-6.7.4-build-272 contains a XML External Entity (XXE) vulnerability in Man in the middle on update that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This attack appear to be exploitable via Man in the middle the call to update the software.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Frostwire ≫ Frostwire Version1.9.9 Updatebuild246 SwPlatformdesktop

Frostwire ≫ Frostwire Version1.9.9 Updatebuild247 SwPlatformdesktop

Frostwire ≫ Frostwire Version2.0.7 Updatebuild263 SwPlatformdesktop

Frostwire ≫ Frostwire Version6.1.6 Updatebuild166 SwPlatformdesktop

Frostwire ≫ Frostwire Version6.1.6 Updatebuild167 SwPlatformdesktop

Frostwire ≫ Frostwire Version6.1.7 Updatebuild168 SwPlatformdesktop

Frostwire ≫ Frostwire Version6.1.8 Updatebuild169 SwPlatformdesktop

Frostwire ≫ Frostwire Version6.1.9 Updatebuild172 SwPlatformdesktop

Frostwire ≫ Frostwire Version6.2.0 Updatebuild173 SwPlatformdesktop

Frostwire ≫ Frostwire Version6.2.0 Updatebuild174 SwPlatformdesktop

Frostwire ≫ Frostwire Version6.2.1 Updatebuild175 SwPlatformdesktop

Frostwire ≫ Frostwire Version6.2.2 Updatebuild176 SwPlatformdesktop

Frostwire ≫ Frostwire Version6.2.3 Updatebuild177 SwPlatformdesktop

Frostwire ≫ Frostwire Version6.2.3 Updatebuild178 SwPlatformdesktop

Frostwire ≫ Frostwire Version6.2.4 Updatebuild179 SwPlatformdesktop

Frostwire ≫ Frostwire Version6.3.0 Updatebuild180 SwPlatformdesktop

Frostwire ≫ Frostwire Version6.3.0 Updatebuild181 SwPlatformdesktop

Frostwire ≫ Frostwire Version6.3.0 Updatebuild182 SwPlatformdesktop

Frostwire ≫ Frostwire Version6.3.0 Updatebuild183 SwPlatformdesktop

Frostwire ≫ Frostwire Version6.3.0 Updatebuild184 SwPlatformdesktop

Frostwire ≫ Frostwire Version6.3.0 Updatebuild185 SwPlatformdesktop

Frostwire ≫ Frostwire Version6.3.1 Updatebuild186 SwPlatformdesktop

Frostwire ≫ Frostwire Version6.3.2 Updatebuild187 SwPlatformdesktop

Frostwire ≫ Frostwire Version6.3.2 Updatebuild188 SwPlatformdesktop

Frostwire ≫ Frostwire Version6.3.3 Updatebuild189 SwPlatformdesktop

Frostwire ≫ Frostwire Version6.3.3 Updatebuild190 SwPlatformdesktop

Frostwire ≫ Frostwire Version6.3.3 Updatebuild193 SwPlatformdesktop

Frostwire ≫ Frostwire Version6.3.3 Updatebuild255 SwPlatformdesktop

Frostwire ≫ Frostwire Version6.3.4 Updatebuild193 SwPlatformdesktop

Frostwire ≫ Frostwire Version6.3.4 Updatebuild194 SwPlatformdesktop

Frostwire ≫ Frostwire Version6.3.5 Updatebuild195 SwPlatformdesktop

Frostwire ≫ Frostwire Version6.3.5 Updatebuild197 SwPlatformdesktop

Frostwire ≫ Frostwire Version6.3.5 Updatebuild198 SwPlatformdesktop

Frostwire ≫ Frostwire Version6.3.6 Updatebuild201 SwPlatformdesktop

Frostwire ≫ Frostwire Version6.3.6 Updatebuild202 SwPlatformdesktop

Frostwire ≫ Frostwire Version6.3.7 Updatebuild203 SwPlatformdesktop

Frostwire ≫ Frostwire Version6.3.7 Updatebuild204 SwPlatformdesktop

Frostwire ≫ Frostwire Version6.3.7 Updatebuild205 SwPlatformdesktop

Frostwire ≫ Frostwire Version6.3.7 Updatebuild206 SwPlatformdesktop

Frostwire ≫ Frostwire Version6.4.0 Updatebuild207 SwPlatformdesktop

Frostwire ≫ Frostwire Version6.4.0 Updatebuild208 SwPlatformdesktop

Frostwire ≫ Frostwire Version6.4.1 Updatebuild209 SwPlatformdesktop

Frostwire ≫ Frostwire Version6.4.1 Updatebuild210 SwPlatformdesktop

Frostwire ≫ Frostwire Version6.4.2 Updatebuild212 SwPlatformdesktop

Frostwire ≫ Frostwire Version6.4.3 Updatebuild214 SwPlatformdesktop

Frostwire ≫ Frostwire Version6.4.4 Updatebuild215 SwPlatformdesktop

Frostwire ≫ Frostwire Version6.4.5 Updatebuild218 SwPlatformdesktop

Frostwire ≫ Frostwire Version6.4.5 Updatebuild219 SwPlatformdesktop

Frostwire ≫ Frostwire Version6.4.5 Updatebuild220 SwPlatformdesktop

Frostwire ≫ Frostwire Version6.4.5 Updatebuild221 SwPlatformdesktop

Frostwire ≫ Frostwire Version6.4.5 Updatebuild222 SwPlatformdesktop

Frostwire ≫ Frostwire Version6.4.6 Updatebuild223 SwPlatformdesktop

Frostwire ≫ Frostwire Version6.4.6 Updatebuild227 SwPlatformdesktop

Frostwire ≫ Frostwire Version6.4.7 Updatebuild228 SwPlatformdesktop

Frostwire ≫ Frostwire Version6.4.7 Updatebuild229 SwPlatformdesktop

Frostwire ≫ Frostwire Version6.4.8 Updatebuild230 SwPlatformdesktop

Frostwire ≫ Frostwire Version6.4.8 Updatebuild232 SwPlatformdesktop

Frostwire ≫ Frostwire Version6.4.8 Updatebuild233 SwPlatformdesktop

Frostwire ≫ Frostwire Version6.4.8 Updatebuild234 SwPlatformdesktop

Frostwire ≫ Frostwire Version6.4.9 Updatebuild235 SwPlatformdesktop

Frostwire ≫ Frostwire Version6.5.0 Updatebuild236 SwPlatformdesktop

Frostwire ≫ Frostwire Version6.5.1 Updatebuild238 SwPlatformdesktop

Frostwire ≫ Frostwire Version6.5.2 Updatebuild239 SwPlatformdesktop

Frostwire ≫ Frostwire Version6.5.3 Updatebuild240 SwPlatformdesktop

Frostwire ≫ Frostwire Version6.5.4 Updatebuild241 SwPlatformdesktop

Frostwire ≫ Frostwire Version6.5.5 Updatebuild242 SwPlatformdesktop

Frostwire ≫ Frostwire Version6.5.5 Updatebuild243 SwPlatformdesktop

Frostwire ≫ Frostwire Version6.5.8 Updatebuild244 SwPlatformdesktop

Frostwire ≫ Frostwire Version6.5.8 Updatebuild245 SwPlatformdesktop

Frostwire ≫ Frostwire Version6.5.9 Updatebuild246 SwPlatformdesktop

Frostwire ≫ Frostwire Version6.6.0 Updatebuild248 SwPlatformdesktop

Frostwire ≫ Frostwire Version6.6.1 Updatebuild249 SwPlatformdesktop

Frostwire ≫ Frostwire Version6.6.2 Updatebuild250 SwPlatformdesktop

Frostwire ≫ Frostwire Version6.6.2 Updatebuild251 SwPlatformdesktop

Frostwire ≫ Frostwire Version6.6.3 Updatebuild252 SwPlatformdesktop

Frostwire ≫ Frostwire Version6.6.3 Updatebuild253 SwPlatformdesktop

Frostwire ≫ Frostwire Version6.6.4 Updatebuild256 SwPlatformdesktop

Frostwire ≫ Frostwire Version6.6.5 Updatebuild257 SwPlatformdesktop

Frostwire ≫ Frostwire Version6.6.6 Updatebuild258 SwPlatformdesktop

Frostwire ≫ Frostwire Version6.6.7 Updatebuild529 SwPlatformdesktop

Frostwire ≫ Frostwire Version6.6.8 Updatebuild260 SwPlatformdesktop

Frostwire ≫ Frostwire Version6.7.0 Updatebuild261 SwPlatformdesktop

Frostwire ≫ Frostwire Version6.7.0 Updatebuild262 SwPlatformdesktop

Frostwire ≫ Frostwire Version6.7.0 Updatebuild264 SwPlatformdesktop

Frostwire ≫ Frostwire Version6.7.0 Updatebuild265hotfix SwPlatformdesktop

Frostwire ≫ Frostwire Version6.7.1 Updatebuild266 SwPlatformdesktop

Frostwire ≫ Frostwire Version6.7.1 Updatebuild267 SwPlatformdesktop

Frostwire ≫ Frostwire Version6.7.1 Updatebuild268 SwPlatformdesktop

Frostwire ≫ Frostwire Version6.7.2 Updatebuild269 SwPlatformdesktop

Frostwire ≫ Frostwire Version6.7.2 Updatebuild270 SwPlatformdesktop

Frostwire ≫ Frostwire Version6.7.3 Updatebuild271 SwPlatformdesktop

Frostwire ≫ Frostwire Version6.7.4 Updatebuild272 SwPlatformdesktop

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.25%	0.449

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9	2.2	6	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P

CWE-611 Improper Restriction of XML External Entity Reference

The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

https://0dd.zone/2018/10/28/frostwire-XXE-MitM/

Third Party Advisory

https://github.com/frostwire/frostwire/issues/829

Third Party Advisory

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2018-1000828

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-1000828

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-1000828

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2018-1000828