Lucene search

[email protected]NVD:CVE-2008-2517

HistoryJun 03, 2008 - 2:32 p.m.

CVE-2008-2517

2008-06-0314:32:00

CWE-200

[email protected]

web.nvd.nist.gov

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

5.8 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

The sarab.sh script in SaraB before 0.2.4 places the dar program’s encryption key on the command line, which allows local users to obtain sensitive information by listing the process.

Affected configurations

NVD

Node

sarabsarabRange≤0.2.3

sarabsarabMatch0.2.2

References

sarab.svn.sourceforge.net/viewvc/sarab/sarab/sarab.sh?r1=34&r2=36

sarab.svn.sourceforge.net/viewvc/sarab/sarab/sarab.sh?view=log

secunia.com/advisories/30394

sourceforge.net/project/shownotes.php?release_id=601603&group_id=91804

www.securityfocus.com/bid/29364

www.vupen.com/english/advisories/2008/1659/references

exchange.xforce.ibmcloud.com/vulnerabilities/42621

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

5.8 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for NVD:CVE-2008-2517

cvelist1 prion1 cve1