CVE Vulnerabilities

CVE-2015-4082

Published: Aug 18, 2017 | Modified: Aug 25, 2017
CVSS 3.x
6.5
MEDIUM
Source:
NVD
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVSS 2.x
4 MEDIUM
AV:N/AC:L/Au:S/C:P/I:N/A:N
RedHat/V2
RedHat/V3
Ubuntu
HIGH

attic before 0.15 does not confirm unencrypted backups with the user, which allows remote attackers with read and write privileges for the encrypted repository to obtain potentially sensitive information by changing the manifest type byte of the repository to unencrypted / without key file.

Affected Software

Name Vendor Start Version End Version
Attic Attic_project * 0.14 (including)
Attic Ubuntu trusty *
Attic Ubuntu trusty/esm *
Attic Ubuntu upstream *
Attic Ubuntu utopic *
Attic Ubuntu vivid *
Attic Ubuntu wily *

References