Craig Barratt : Security Vulnerabilities, CVEs, Published In 2009 CVSS score >= 3
CgiUserConfigEdit in BackupPC 3.1.0, when SSH keys and Rsync are in use in a multi-user environment, does not restrict users from the ClientNameAlias function, which allows remote authenticated users to read and write sensitive files by modifying ClientNameAlias to match another system, then initiating a backup or restore.
Max CVSS
8.5
EPSS Score
0.37%
Published
2009-09-24
Updated
2009-10-31
1 vulnerabilities found