CVE-2015-4082
CVE-2015-4082 is a vulnerability of currently unknown severity. attic before 0.15 does not confirm unencrypted backups with the user, which allows remote attackers with read and write privileges for the encrypted repository to obtain potentially sensitive information by changing the manifest type byte of the repository to "unencrypted / without key file". EPSS estimates a 2.47% chance of exploitation in the next 30 days.
Description
attic before 0.15 does not confirm unencrypted backups with the user, which allows remote attackers with read and write privileges for the encrypted repository to obtain potentially sensitive information by changing the manifest type byte of the repository to "unencrypted / without key file".
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Attic Project | Attic | <= 0.14 |
References
- http://www.openwall.com/lists/oss-security/2015/05/31/3 (Mailing List, Third Party Advisory)
- http://www.securityfocus.com/bid/74821 (Third Party Advisory, VDB Entry)
- https://github.com/jborg/attic/commit/78f9ad1faba7193ca7f0acccbc13b1ff6ebf9072 (Third Party Advisory)
- https://github.com/jborg/attic/issues/271 (Exploit, Third Party Advisory)
Source: NVD / NIST
