PT-2017-6735 · Attic · Attic

Thomas Waldmann

Published

2017-08-18

Updated

2022-05-17

CVE-2015-4082

CVSS v4.0

7.1

High

Vector

AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions attic versions prior to 0.15

Description The issue allows remote attackers with read and write privileges for the encrypted repository to obtain potentially sensitive information by modifying the manifest type byte of the repository to indicate it is unencrypted. This is possible because the software does not confirm unencrypted backups with the user.

Recommendations For versions prior to 0.15, update to version 0.15 or later to resolve the issue.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

CVE-2015-4082

GHSA-5X6Q-FFWJ-8VCF

PYSEC-2017-6

Affected Products

Attic

PT-2017-6735 · Attic · Attic

CVE-2015-4082

Weakness Enumeration

Related Identifiers

Affected Products

References · 14