CVE-2014-1921

2014-02-1415:55:06

CWE-362

mitre

web.nvd.nist.gov

parcimonie

cve-2014-1921

key fetches

security

nvd

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

6.4

Confidence

Low

EPSS

0.007

Percentile

80.0%

JSON

parcimonie before 0.8.1, when using a large keyring, sleeps for the same amount of time between fetches, which allows attackers to correlate key fetches via unspecified vectors.

Affected configurations

Nvd

Node

parcimonie_projectparcimonieRange≤0.7.1-1

parcimonie_projectparcimonieMatch0.6-1

parcimonie_projectparcimonieMatch0.6-3

parcimonie_projectparcimonieMatch0.7-1

VendorProductVersionCPE
parcimonie_projectparcimonie*cpe:2.3:a:parcimonie_project:parcimonie:*:*:*:*:*:*:*:*
parcimonie_projectparcimonie0.6-1cpe:2.3:a:parcimonie_project:parcimonie:0.6-1:*:*:*:*:*:*:*
parcimonie_projectparcimonie0.6-3cpe:2.3:a:parcimonie_project:parcimonie:0.6-3:*:*:*:*:*:*:*
parcimonie_projectparcimonie0.7-1cpe:2.3:a:parcimonie_project:parcimonie:0.7-1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
parcimonie_project	parcimonie	*	cpe:2.3:a:parcimonie_project:parcimonie::::::::
parcimonie_project	parcimonie	0.6-1	cpe:2.3:a:parcimonie_project:parcimonie:0.6-1:::::::*
parcimonie_project	parcimonie	0.6-3	cpe:2.3:a:parcimonie_project:parcimonie:0.6-3:::::::*
parcimonie_project	parcimonie	0.7-1	cpe:2.3:a:parcimonie_project:parcimonie:0.7-1:::::::*