Vulnerability Details : CVE-2015-4082
Potential exploit
attic before 0.15 does not confirm unencrypted backups with the user, which allows remote attackers with read and write privileges for the encrypted repository to obtain potentially sensitive information by changing the manifest type byte of the repository to "unencrypted / without key file".
Products affected by CVE-2015-4082
- cpe:2.3:a:attic_project:attic:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2015-4082
- 0.33%: Probability of exploitation activity in the next 30 days
- ~ 71%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2015-4082
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.0 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:N/A:N | 8.0 | 2.9 | NIST | |
6.5 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 2.8 | 3.6 | NIST | |
CWE ids for CVE-2015-4082
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-4082
- http://www.openwall.com/lists/oss-security/2015/05/31/3
  oss-security - Re: CVE request for attic : encrypted backups attack (Mailing List; Third Party Advisory)
- https://github.com/jborg/attic/commit/78f9ad1faba7193ca7f0acccbc13b1ff6ebf9072
  Require approval before accessing previously unknown unencrypted repo… · jborg/attic@78f9ad1 · GitHub (Third Party Advisory)
- https://github.com/jborg/attic/issues/271
  security bug: decryption attack · Issue #271 · jborg/attic · GitHub (Exploit; Third Party Advisory)
- http://www.securityfocus.com/bid/74821
  Attic 'attic/archiver.py' Security Bypass Vulnerability (VDB Entry; Third Party Advisory)