Lucene search

MitreCVE-2018-18908

HistoryJan 20, 2019 - 8:29 p.m.

CVE-2018-18908

2019-01-2020:29:00

CWE-319

mitre

web.nvd.nist.gov

465

cve-2018-18908

sky go desktop

windows

mitm

security vulnerability

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

5.4

Confidence

High

EPSS

0.002

Percentile

51.7%

JSON

The Sky Go Desktop application 1.0.19-1 through 1.0.23-1 for Windows performs several requests over cleartext HTTP. This makes the data submitted in these requests prone to Man in The Middle (MiTM) attacks, whereby an attacker would be able to obtain the data sent in these requests. Some of the requests contain potentially sensitive information that could be useful to an attacker, such as the victim’s Sky username.

Affected configurations

Nvd

Node

skysky_goRange1.0.19-1–1.0.23-1windows

VendorProductVersionCPE
skysky_go*cpe:2.3:a:sky:sky_go:*:*:*:*:*:windows:*:*

Vendor	Product	Version	CPE
sky	sky_go	*	cpe:2.3:a:sky:sky_go::::::windows::*

References

blog.sean-wright.com/sky/

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

5.4

Confidence

High

EPSS

0.002

Percentile

51.7%

JSON

Related for CVE-2018-18908