CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
AI Score
Confidence
Low
EPSS
Percentile
32.1%
ppa.py in Software Properties before 0.81.13.3 does not validate the server certificate when downloading PPA GPG key fingerprints, which allows man-in-the-middle (MITM) attackers to spoof GPG keys for a package repository.
Vendor | Product | Version | CPE |
---|---|---|---|
canonical | software-properties | * | cpe:2.3:a:canonical:software-properties:*:*:*:*:*:*:*:* |
canonical | ubuntu_linux | 10.04 | cpe:2.3:o:canonical:ubuntu_linux:10.04:-:lts:*:*:*:*:* |
canonical | ubuntu_linux | 10.10 | cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:* |
canonical | ubuntu_linux | 11.04 | cpe:2.3:o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:* |
canonical | ubuntu_linux | 11.10 | cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:* |