CVE-2018-1000621

Name of the Vulnerable Software and Affected Versions Mycroft AI mycroft-core versions 18.2.8b and earlier

Description The issue is related to an Incorrect Access Control vulnerability in the Websocket configuration, which can lead to code execution. This problem can be exploited through remote access to the unsecured websocket server. The vulnerability specifically affects Mycroft for Linux and "non-enclosure" installs, while Mark 1 and Picroft are not impacted.

Recommendations For Mycroft AI mycroft-core versions 18.2.8b and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.