CVE-2018-1000858
Description
GnuPG version 2.1.12 - 2.2.11 contains a Cross ite Request Forgery (CSRF) vulnerability in dirmngr that can result in Attacker controlled CSRF, Information Disclosure, DoS. This attack appear to be exploitable via Victim must perform a WKD request, e.g. enter an email address in the composer window of Thunderbird/Enigmail. This vulnerability appears to have been fixed in after commit 4a4bb874f63741026bd26264c43bb32b1099f060.
Risk Information
Base Score
8.8
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.203
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2018-1000858 are affected in GnuPG for windows 2.2.11 | Windows |
| GNU privacy guard - a free PGP replacement (USN-3675-1) gnupg_2.2.4-1ubuntu1.2_i386.deb | Linux |
| GNU privacy guard - a free PGP replacement (USN-3675-1) gnupg_2.2.4-1ubuntu1.2_amd64.deb | Linux |
| GNU privacy guard - a free PGP replacement (USN-3853-1) gnupg_2.2.4-1ubuntu1.2_i386.deb | Linux |
| GNU privacy guard - a free PGP replacement (USN-3853-1) gnupg_2.2.4-1ubuntu1.2_amd64.deb | Linux |
| GNU privacy guard - a free PGP replacement (USN-3853-1) gnupg_2.2.8-3ubuntu1.1_all.deb | Linux |
| GNU privacy guard - a free PGP replacement (USN-3853-1) gpg-wks-client_2.2.4-1ubuntu1.2_i386.deb | Linux |
| GNU privacy guard - a free PGP replacement (USN-3853-1) gpg-wks-client_2.2.4-1ubuntu1.2_amd64.deb | Linux |
| GNU privacy guard - a free PGP replacement (USN-3853-1) gpg-wks-client_2.2.8-3ubuntu1.1_i386.deb | Linux |
| GNU privacy guard - a free PGP replacement (USN-3853-1) gpg-wks-client_2.2.8-3ubuntu1.1_amd64.deb | Linux |
| GNU privacy guard - a free PGP replacement (USN-3853-1) gpg-wks-client_2.2.4-1ubuntu1.2_i386.deb | Linux |
| GNU privacy guard - a free PGP replacement (USN-3853-1) gpg-wks-client_2.2.4-1ubuntu1.2_amd64.deb | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234