PT-2010-1935 · Bournal · Bournal

Published

2010-02-25

Updated

2018-10-10

CVE-2010-0119

CVSS v2.0

2.1

Low

Vector

AV:L/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Bournal versions prior to 1.4.1

Description The issue allows local users to obtain sensitive information by listing the process and its arguments. This is related to the use of the -K option, which places a ccrypt key on the command line, and is connected to "echoing."

Recommendations For versions prior to 1.4.1, update to version 1.4.1 or later to resolve the issue. As a temporary workaround, consider avoiding the use of the -K option until the update is applied.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2010-0119

Affected Products

Bournal

PT-2010-1935 · Bournal · Bournal

CVE-2010-0119

Weakness Enumeration

Related Identifiers

Affected Products

References · 9