返回 CVE 浏览器

CVE-2018-1000858

HIGH

8.8

CVSS Severity Score

EPSS Score0.1930%

EPSS Percentile13.93th

Published2018年12月20日

Last Modified2024年11月21日

Vulnerability Description

GnuPG version 2.1.12 - 2.2.11 contains a Cross ite Request Forgery (CSRF) vulnerability in dirmngr that can result in Attacker controlled CSRF, Information Disclosure, DoS. This attack appear to be exploitable via Victim must perform a WKD request, e.g. enter an email address in the composer window of Thunderbird/Enigmail. This vulnerability appears to have been fixed in after commit 4a4bb874f63741026bd26264c43bb32b1099f060.

Affected Platforms (CPE)

📦

Gnupg

Gnupg

>= 2.1.12 and <= 2.2.11

💻

Canonical

Ubuntu Linux

= 18.04

💻

Canonical

Ubuntu Linux

= 18.10

References & Advisories

🔗 https://sektioneins.de/en/advisories/advisory-012018-gnupg-wkd.html

🔗 https://sektioneins.de/en/blog/18-11-23-gnupg-wkd.html

🔗 https://usn.ubuntu.com/3853-1/

🔗 https://sektioneins.de/en/advisories/advisory-012018-gnupg-wkd.html

🔗 https://sektioneins.de/en/blog/18-11-23-gnupg-wkd.html

🔗 https://usn.ubuntu.com/3853-1/

相关漏洞威胁

CVE-2006-623510.0

A "stack overwrite" vulnerability in GnuPG (gpg) 1.x before 1.4.6, 2.x before 2.0.2, and 1.9.0 through 1.9.95 allows attackers to ...

CVE-2003-025510.0

The key validation code in GnuPG before 1.2.2 does not properly determine the validity of keys with multiple user IDs and assigns ...

CVE-2018-123569.8

An issue was discovered in password-store.sh in pass in Simple Password Store 1.7.x before 1.7.2. The signature verification routi...

CVE-2008-15309.3

GnuPG (gpg) 1.4.8 and 2.0.8 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via c...