CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
Confidence
High
EPSS
Percentile
79.2%
Simple Streams (simplestreams) does not properly verify the GPG signatures of disk image files, which allows remote mirror servers to spoof disk images and have unspecified other impact via a 403 (aka Forbidden) response.
Vendor | Product | Version | CPE |
---|---|---|---|
simpestreams_project | simplestreams | - | cpe:2.3:a:simpestreams_project:simplestreams:-:*:*:*:*:*:*:* |
canonical | ubuntu_linux | 14.04 | cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:* |
canonical | ubuntu_linux | 15.04 | cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:* |