Source: Ubuntu.com (ubuntucve), ID: UB:CVE-2024-33900
History: May 20, 2024 - 12:00 a.m.

CVE-2024-33900

Tags: keepassxc, cleartext credentials, recovery, ptrace restrictions, ubuntu

CVSS3: 6.5

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: HIGH
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

AI Score: 6.4
Confidence: Low

DISPUTED KeePassXC 2.7.7 allows an attacker (who has the privileges
of the victim) to recover cleartext credentials via a memory dump. NOTE:
the vendor disputes this because memory-management constraints make this
unavoidable in the current design and other realistic designs.

Notes

Priority reason: Mitigated by default ptrace restrictions in Ubuntu

Author: alexmurray
Note: This vulnerability requires the attacker to dump the memory of the keepassxc process - in Ubuntu the default ptrace restrictions ensure that in general this cannot be done by other processes, even those belonging to the same user, which lowers the severity of this vulnerability.
