CVE-2008-4677
Description
autoload/netrw.vim (aka the Netrw Plugin) 109, 131, and other versions before 133k for Vim 7.1.266, other 7.1 versions, and 7.2 stores credentials for an FTP session, and sends those credentials when attempting to establish subsequent FTP sessions to servers on different hosts, which allows remote FTP servers to obtain sensitive information in opportunistic circumstances by logging usernames and passwords. NOTE: the upstream vendor disputes a vector involving different ports on the same host, stating "I'm assuming that they're using the same id and password on that unchanged hostname, deliberately."
Risk Information
Base Score
7.5
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score
Exploitation Probability
0.748
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| CVE-2008-4677 affects Vim 109 | Windows |
| CVE-2008-4677 affects Vim 110 | Windows |
| CVE-2008-4677 affects Vim 111 | Windows |
| CVE-2008-4677 affects Vim 112 | Windows |
| CVE-2008-4677 affects Vim 113 | Windows |
| CVE-2008-4677 affects Vim 114 | Windows |
| CVE-2008-4677 affects Vim 115 | Windows |
| CVE-2008-4677 affects Vim 116 | Windows |
| CVE-2008-4677 affects Vim 118 | Windows |
| CVE-2008-4677 affects Vim 120 | Windows |
| CVE-2008-4677 affects Vim 121 | Windows |
| CVE-2008-4677 affects Vim 122 | Windows |
| CVE-2008-4677 affects Vim 123 | Windows |
| CVE-2008-4677 affects Vim 128 | Windows |
| CVE-2008-4677 affects Vim 131 | Windows |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234