Vulnerabilites related to keepass - keepass
cve-2019-20184
Vulnerability from cvelistv5
Published
2020-01-09 21:09
Modified
2024-08-05 02:39
Severity ?
EPSS score ?
Summary
KeePass 2.4.1 allows CSV injection in the title field of a CSV export.
References
| ▼ | URL | Tags |
|---|---|---|
| https://medium.com/%40Pablo0xSantiago/cve-2019-20184-keepass-2-4-1-csv-injection-33f08de3c11a | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T02:39:09.107Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://medium.com/%40Pablo0xSantiago/cve-2019-20184-keepass-2-4-1-csv-injection-33f08de3c11a", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "KeePass 2.4.1 allows CSV injection in the title field of a CSV export.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-01-09T21:09:41", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://medium.com/%40Pablo0xSantiago/cve-2019-20184-keepass-2-4-1-csv-injection-33f08de3c11a", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2019-20184", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "KeePass 2.4.1 allows CSV injection in the title field of a CSV export.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://medium.com/@Pablo0xSantiago/cve-2019-20184-keepass-2-4-1-csv-injection-33f08de3c11a", refsource: "MISC", url: "https://medium.com/@Pablo0xSantiago/cve-2019-20184-keepass-2-4-1-csv-injection-33f08de3c11a", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-20184", datePublished: "2020-01-09T21:09:41", dateReserved: "2019-12-31T00:00:00", dateUpdated: "2024-08-05T02:39:09.107Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2010-5200
Vulnerability from cvelistv5
Published
2012-09-06 10:00
Modified
2024-09-16 18:44
Severity ?
EPSS score ?
Summary
Untrusted search path vulnerability in KeePass Password Safe before 1.18 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .kdb file. NOTE: some of these details are obtained from third party information.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/41270 | third-party-advisory, x_refsource_SECUNIA | |
| http://keepass.info/news/n100902_1.18.html | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T04:09:39.305Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "41270", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/41270", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://keepass.info/news/n100902_1.18.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Untrusted search path vulnerability in KeePass Password Safe before 1.18 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .kdb file. NOTE: some of these details are obtained from third party information.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2012-09-06T10:00:00Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "41270", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/41270", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://keepass.info/news/n100902_1.18.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2010-5200", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Untrusted search path vulnerability in KeePass Password Safe before 1.18 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .kdb file. NOTE: some of these details are obtained from third party information.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "41270", refsource: "SECUNIA", url: "http://secunia.com/advisories/41270", }, { name: "http://keepass.info/news/n100902_1.18.html", refsource: "CONFIRM", url: "http://keepass.info/news/n100902_1.18.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2010-5200", datePublished: "2012-09-06T10:00:00Z", dateReserved: "2012-09-06T00:00:00Z", dateUpdated: "2024-09-16T18:44:42.072Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-32784
Vulnerability from cvelistv5
Published
2023-05-15 00:00
Modified
2025-01-23 19:29
Severity ?
EPSS score ?
Summary
In KeePass 2.x before 2.54, it is possible to recover the cleartext master password from a memory dump, even when a workspace is locked or no longer running. The memory dump can be a KeePass process dump, swap file (pagefile.sys), hibernation file (hiberfil.sys), or RAM dump of the entire system. The first character cannot be recovered. In 2.54, there is different API usage and/or random string insertion for mitigation.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T15:25:37.054Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/vdohney/keepass-password-dumper", }, { tags: [ "x_transferred", ], url: "https://sourceforge.net/p/keepass/discussion/329220/thread/f3438e6283/", }, { tags: [ "x_transferred", ], url: "https://github.com/keepassxreboot/keepassxc/discussions/9433", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2023-32784", options: [ { Exploitation: "poc", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-01-23T19:26:11.279580Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-319", description: "CWE-319 Cleartext Transmission of Sensitive Information", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-23T19:29:40.475Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "In KeePass 2.x before 2.54, it is possible to recover the cleartext master password from a memory dump, even when a workspace is locked or no longer running. The memory dump can be a KeePass process dump, swap file (pagefile.sys), hibernation file (hiberfil.sys), or RAM dump of the entire system. The first character cannot be recovered. In 2.54, there is different API usage and/or random string insertion for mitigation.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-05-20T00:00:00.000Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/vdohney/keepass-password-dumper", }, { url: "https://sourceforge.net/p/keepass/discussion/329220/thread/f3438e6283/", }, { url: "https://github.com/keepassxreboot/keepassxc/discussions/9433", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2023-32784", datePublished: "2023-05-15T00:00:00.000Z", dateReserved: "2023-05-15T00:00:00.000Z", dateUpdated: "2025-01-23T19:29:40.475Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2017-1000066
Vulnerability from cvelistv5
Published
2017-07-13 20:00
Modified
2024-08-05 21:53
Severity ?
EPSS score ?
Summary
The entry details view function in KeePass version 1.32 inadvertently decrypts certain database entries into memory, which may result in the disclosure of sensitive information.
References
| ▼ | URL | Tags |
|---|---|---|
| http://keepass.info/news/news_all.html | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T21:53:06.267Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://keepass.info/news/news_all.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], dateAssigned: "2017-05-06T00:00:00", datePublic: "2017-07-13T00:00:00", descriptions: [ { lang: "en", value: "The entry details view function in KeePass version 1.32 inadvertently decrypts certain database entries into memory, which may result in the disclosure of sensitive information.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-07-14T12:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://keepass.info/news/news_all.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", DATE_ASSIGNED: "2017-05-06T20:43:28.317473", ID: "CVE-2017-1000066", REQUESTER: "firace@gmail.com", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The entry details view function in KeePass version 1.32 inadvertently decrypts certain database entries into memory, which may result in the disclosure of sensitive information.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://keepass.info/news/news_all.html", refsource: "CONFIRM", url: "http://keepass.info/news/news_all.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2017-1000066", datePublished: "2017-07-13T20:00:00", dateReserved: "2017-07-10T00:00:00", dateUpdated: "2024-08-05T21:53:06.267Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-5119
Vulnerability from cvelistv5
Published
2017-01-23 21:00
Modified
2024-08-06 00:53
Severity ?
EPSS score ?
Summary
The automatic update feature in KeePass 2.33 and earlier allows man-in-the-middle attackers to execute arbitrary code by spoofing the version check response and supplying a crafted update.
References
| ▼ | URL | Tags |
|---|---|---|
| https://packetstormsecurity.com/files/137274/KeePass-2-Man-In-The-Middle.html | x_refsource_MISC | |
| https://bogner.sh/2016/03/mitm-attack-against-keepass-2s-update-check/ | x_refsource_MISC | |
| https://sourceforge.net/p/keepass/discussion/329220/thread/e430cc12/ | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T00:53:47.366Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://packetstormsecurity.com/files/137274/KeePass-2-Man-In-The-Middle.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bogner.sh/2016/03/mitm-attack-against-keepass-2s-update-check/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://sourceforge.net/p/keepass/discussion/329220/thread/e430cc12/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-03-02T00:00:00", descriptions: [ { lang: "en", value: "The automatic update feature in KeePass 2.33 and earlier allows man-in-the-middle attackers to execute arbitrary code by spoofing the version check response and supplying a crafted update.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-01-23T20:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://packetstormsecurity.com/files/137274/KeePass-2-Man-In-The-Middle.html", }, { tags: [ "x_refsource_MISC", ], url: "https://bogner.sh/2016/03/mitm-attack-against-keepass-2s-update-check/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://sourceforge.net/p/keepass/discussion/329220/thread/e430cc12/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2016-5119", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The automatic update feature in KeePass 2.33 and earlier allows man-in-the-middle attackers to execute arbitrary code by spoofing the version check response and supplying a crafted update.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://packetstormsecurity.com/files/137274/KeePass-2-Man-In-The-Middle.html", refsource: "MISC", url: "https://packetstormsecurity.com/files/137274/KeePass-2-Man-In-The-Middle.html", }, { name: "https://bogner.sh/2016/03/mitm-attack-against-keepass-2s-update-check/", refsource: "MISC", url: "https://bogner.sh/2016/03/mitm-attack-against-keepass-2s-update-check/", }, { name: "https://sourceforge.net/p/keepass/discussion/329220/thread/e430cc12/", refsource: "CONFIRM", url: "https://sourceforge.net/p/keepass/discussion/329220/thread/e430cc12/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2016-5119", datePublished: "2017-01-23T21:00:00", dateReserved: "2016-05-30T00:00:00", dateUpdated: "2024-08-06T00:53:47.366Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-24055
Vulnerability from cvelistv5
Published
2023-01-22 00:00
Modified
2024-08-02 10:49
Severity ?
EPSS score ?
Summary
KeePass through 2.53 (in a default installation) allows an attacker, who has write access to the XML configuration file, to obtain the cleartext passwords by adding an export trigger. NOTE: the vendor's position is that the password database is not intended to be secure against an attacker who has that level of access to the local PC.
References
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2023-24055", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-06-10T17:00:23.026692Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-10T17:00:40.269Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T10:49:08.940Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://sourceforge.net/p/keepass/discussion/329220/thread/a146e5cf6b/", }, { tags: [ "x_transferred", ], url: "https://sourceforge.net/p/keepass/feature-requests/2773/", }, { tags: [ "x_transferred", ], url: "https://securityboulevard.com/2023/01/keepass-password-manager-leak-cve-richixbw/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "KeePass through 2.53 (in a default installation) allows an attacker, who has write access to the XML configuration file, to obtain the cleartext passwords by adding an export trigger. NOTE: the vendor's position is that the password database is not intended to be secure against an attacker who has that level of access to the local PC.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-02-01T00:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://sourceforge.net/p/keepass/discussion/329220/thread/a146e5cf6b/", }, { url: "https://sourceforge.net/p/keepass/feature-requests/2773/", }, { url: "https://securityboulevard.com/2023/01/keepass-password-manager-leak-cve-richixbw/", }, ], tags: [ "disputed", ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2023-24055", datePublished: "2023-01-22T00:00:00", dateReserved: "2023-01-21T00:00:00", dateUpdated: "2024-08-02T10:49:08.940Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-0725
Vulnerability from cvelistv5
Published
2022-03-07 14:00
Modified
2024-08-02 23:40
Severity ?
EPSS score ?
Summary
A flaw was found in keepass. The vulnerability occurs due to logging the plain text passwords in system log and leads to an Information Exposure vulnerability. This flaw allows an attacker to interact and read sensitive passwords and logs.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=2052696 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T23:40:03.535Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2052696", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "keepass", vendor: "n/a", versions: [ { status: "affected", version: "no fix available", }, ], }, ], descriptions: [ { lang: "en", value: "A flaw was found in keepass. The vulnerability occurs due to logging the plain text passwords in system log and leads to an Information Exposure vulnerability. This flaw allows an attacker to interact and read sensitive passwords and logs.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-200", description: "CWE-200", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-09-13T13:46:37", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2052696", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2022-0725", datePublished: "2022-03-07T14:00:21", dateReserved: "2022-02-22T00:00:00", dateUpdated: "2024-08-02T23:40:03.535Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
Vulnerability from fkie_nvd
Published
2023-05-15 06:15
Modified
2025-01-23 20:15
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
In KeePass 2.x before 2.54, it is possible to recover the cleartext master password from a memory dump, even when a workspace is locked or no longer running. The memory dump can be a KeePass process dump, swap file (pagefile.sys), hibernation file (hiberfil.sys), or RAM dump of the entire system. The first character cannot be recovered. In 2.54, there is different API usage and/or random string insertion for mitigation.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/keepassxreboot/keepassxc/discussions/9433 | Issue Tracking | |
| cve@mitre.org | https://github.com/vdohney/keepass-password-dumper | Exploit, Third Party Advisory | |
| cve@mitre.org | https://sourceforge.net/p/keepass/discussion/329220/thread/f3438e6283/ | Issue Tracking | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/keepassxreboot/keepassxc/discussions/9433 | Issue Tracking | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/vdohney/keepass-password-dumper | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://sourceforge.net/p/keepass/discussion/329220/thread/f3438e6283/ | Issue Tracking |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:keepass:keepass:*:*:*:*:*:*:*:*", matchCriteriaId: "02B04F85-32CC-4B57-A6DE-2FE8BAD7A17D", versionEndExcluding: "2.54", versionStartIncluding: "2.00", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In KeePass 2.x before 2.54, it is possible to recover the cleartext master password from a memory dump, even when a workspace is locked or no longer running. The memory dump can be a KeePass process dump, swap file (pagefile.sys), hibernation file (hiberfil.sys), or RAM dump of the entire system. The first character cannot be recovered. In 2.54, there is different API usage and/or random string insertion for mitigation.", }, { lang: "es", value: "En KeePass v2.x anterior a v2.54, es posible recuperar la contraseña maestra en texto claro a partir de un volcado de memoria, incluso cuando un espacio de trabajo está bloqueado o ya no se ejecuta. El volcado de memoria puede ser un volcado de proceso de KeePass, un archivo de intercambio (pagefile.sys), un archivo de hibernación (hiberfil.sys) o un volcado de RAM de todo el sistema. El primer carácter no se puede recuperar. En la versión 2.54, hay un uso diferente de la API y/o inserción de una cadena aleatoria para la mitigación. ", }, ], id: "CVE-2023-32784", lastModified: "2025-01-23T20:15:30.320", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2023-05-15T06:15:10.427", references: [ { source: "cve@mitre.org", tags: [ "Issue Tracking", ], url: "https://github.com/keepassxreboot/keepassxc/discussions/9433", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/vdohney/keepass-password-dumper", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", ], url: "https://sourceforge.net/p/keepass/discussion/329220/thread/f3438e6283/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://github.com/keepassxreboot/keepassxc/discussions/9433", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/vdohney/keepass-password-dumper", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://sourceforge.net/p/keepass/discussion/329220/thread/f3438e6283/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-319", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-319", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2012-09-06 10:41
Modified
2024-11-21 01:22
Severity ?
Summary
Untrusted search path vulnerability in KeePass Password Safe before 1.18 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .kdb file. NOTE: some of these details are obtained from third party information.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:keepass:keepass:*:*:*:*:*:*:*:*", matchCriteriaId: "935695E1-291A-49A6-B27F-C5D283A1A268", versionEndIncluding: "1.17", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Untrusted search path vulnerability in KeePass Password Safe before 1.18 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .kdb file. NOTE: some of these details are obtained from third party information.", }, { lang: "es", value: "Vulnerabilidad de ruta de búsqueda no confiable en KeePass Password Safe anterior a v1.18 permite a usuarios locales obtener privilegios a través de un troyano DLL en el directorio de trabajo actual, como lo demuestra un directorio que contiene un archivo. Kdb. NOTA: algunos de estos detalles han sido obtenidos a partir de información de terceros.", }, ], evaluatorComment: "Per: http://cwe.mitre.org/data/definitions/426.html\r\n\r\n'CWE-426 Untrusted Search Path'", id: "CVE-2010-5200", lastModified: "2024-11-21T01:22:43.223", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 6.9, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:L/AC:M/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 3.4, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], }, published: "2012-09-06T10:41:54.567", references: [ { source: "cve@mitre.org", tags: [ "Patch", ], url: "http://keepass.info/news/n100902_1.18.html", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/41270", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://keepass.info/news/n100902_1.18.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/41270", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-01-22 04:15
Modified
2024-11-21 07:47
Severity ?
Summary
KeePass through 2.53 (in a default installation) allows an attacker, who has write access to the XML configuration file, to obtain the cleartext passwords by adding an export trigger. NOTE: the vendor's position is that the password database is not intended to be secure against an attacker who has that level of access to the local PC.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://securityboulevard.com/2023/01/keepass-password-manager-leak-cve-richixbw/ | Third Party Advisory | |
| cve@mitre.org | https://sourceforge.net/p/keepass/discussion/329220/thread/a146e5cf6b/ | Patch, Third Party Advisory | |
| cve@mitre.org | https://sourceforge.net/p/keepass/feature-requests/2773/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://securityboulevard.com/2023/01/keepass-password-manager-leak-cve-richixbw/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://sourceforge.net/p/keepass/discussion/329220/thread/a146e5cf6b/ | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://sourceforge.net/p/keepass/feature-requests/2773/ | Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:keepass:keepass:*:*:*:*:*:*:*:*", matchCriteriaId: "CFA47D34-7075-4B84-BB5D-1C6CAD117F72", versionEndIncluding: "2.53", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [ { sourceIdentifier: "cve@mitre.org", tags: [ "disputed", ], }, ], descriptions: [ { lang: "en", value: "KeePass through 2.53 (in a default installation) allows an attacker, who has write access to the XML configuration file, to obtain the cleartext passwords by adding an export trigger. NOTE: the vendor's position is that the password database is not intended to be secure against an attacker who has that level of access to the local PC.", }, { lang: "es", value: "KeePass en la versión 2.53 (en una instalación por defecto) permite a un atacante, que tiene acceso de escritura al archivo de configuración XML, obtener las contraseñas en texto claro mediante la adición de un disparador de exportación. NOTA: la posición del vendedor es que la base de datos de contraseñas no está pensada para ser segura contra un atacante que tenga ese nivel de acceso al PC local. ", }, ], id: "CVE-2023-24055", lastModified: "2024-11-21T07:47:20.550", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-01-22T04:15:11.560", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://securityboulevard.com/2023/01/keepass-password-manager-leak-cve-richixbw/", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://sourceforge.net/p/keepass/discussion/329220/thread/a146e5cf6b/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://sourceforge.net/p/keepass/feature-requests/2773/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://securityboulevard.com/2023/01/keepass-password-manager-leak-cve-richixbw/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://sourceforge.net/p/keepass/discussion/329220/thread/a146e5cf6b/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://sourceforge.net/p/keepass/feature-requests/2773/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-312", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-01-23 21:59
Modified
2024-11-21 02:53
Severity ?
Summary
The automatic update feature in KeePass 2.33 and earlier allows man-in-the-middle attackers to execute arbitrary code by spoofing the version check response and supplying a crafted update.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:keepass:keepass:*:*:*:*:*:*:*:*", matchCriteriaId: "C35ADCD5-502E-43C4-89B8-A3E112D06DDE", versionEndIncluding: "2.33", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The automatic update feature in KeePass 2.33 and earlier allows man-in-the-middle attackers to execute arbitrary code by spoofing the version check response and supplying a crafted update.", }, { lang: "es", value: "La funcionalidad de actualización automática en KeePass 2.33 y versiones anteriores, permite a atacantes man-in-the-middle ejecutar código arbitrario suplantando la respuesta de comprobación de versión y suministrando una actualización manipulada.", }, ], id: "CVE-2016-5119", lastModified: "2024-11-21T02:53:39.893", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5.1, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:H/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 4.9, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 1.6, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-01-23T21:59:01.657", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Technical Description", ], url: "https://bogner.sh/2016/03/mitm-attack-against-keepass-2s-update-check/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://packetstormsecurity.com/files/137274/KeePass-2-Man-In-The-Middle.html", }, { source: "cve@mitre.org", tags: [ "Patch", "Product", ], url: "https://sourceforge.net/p/keepass/discussion/329220/thread/e430cc12/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Technical Description", ], url: "https://bogner.sh/2016/03/mitm-attack-against-keepass-2s-update-check/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://packetstormsecurity.com/files/137274/KeePass-2-Man-In-The-Middle.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Product", ], url: "https://sourceforge.net/p/keepass/discussion/329220/thread/e430cc12/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-01-09 22:15
Modified
2024-11-21 04:38
Severity ?
Summary
KeePass 2.4.1 allows CSV injection in the title field of a CSV export.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:keepass:keepass:2.4.1:*:*:*:*:*:*:*", matchCriteriaId: "DDEF16A3-3726-4388-8436-8D804380C299", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "KeePass 2.4.1 allows CSV injection in the title field of a CSV export.", }, { lang: "es", value: "KeePass versión 2.4.1, permite una inyección CSV en el campo title de una exportación de CSV.", }, ], id: "CVE-2019-20184", lastModified: "2024-11-21T04:38:10.890", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-01-09T22:15:13.300", references: [ { source: "cve@mitre.org", url: "https://medium.com/%40Pablo0xSantiago/cve-2019-20184-keepass-2-4-1-csv-injection-33f08de3c11a", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://medium.com/%40Pablo0xSantiago/cve-2019-20184-keepass-2-4-1-csv-injection-33f08de3c11a", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-1236", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-03-10 17:44
Modified
2024-11-21 06:39
Severity ?
Summary
A flaw was found in keepass. The vulnerability occurs due to logging the plain text passwords in system log and leads to an Information Exposure vulnerability. This flaw allows an attacker to interact and read sensitive passwords and logs.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=2052696 | Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=2052696 | Issue Tracking, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| keepass | keepass | 2.48 | |
| fedoraproject | extra_packages_for_enterprise_linux | 7.0 | |
| fedoraproject | fedora | 35 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:keepass:keepass:2.48:*:*:*:*:*:*:*", matchCriteriaId: "D3D2283F-06B7-4B7D-8146-0D04ADF5679A", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:fedoraproject:extra_packages_for_enterprise_linux:7.0:*:*:*:*:*:*:*", matchCriteriaId: "3D9C7598-4BB4-442A-86DF-EEDE041A4CC7", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", matchCriteriaId: "80E516C0-98A4-4ADE-B69F-66A772E2BAAA", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A flaw was found in keepass. The vulnerability occurs due to logging the plain text passwords in system log and leads to an Information Exposure vulnerability. This flaw allows an attacker to interact and read sensitive passwords and logs.", }, { lang: "es", value: "Se ha encontrado un fallo en keepass. La vulnerabilidad se produce debido al registro de las contraseñas en texto plano en el registro del sistema y conduce a una vulnerabilidad de exposición de información. Este fallo permite a un atacante interactuar y leer contraseñas y registros sensibles", }, ], id: "CVE-2022-0725", lastModified: "2024-11-21T06:39:16.050", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-03-10T17:44:56.730", references: [ { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2052696", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2052696", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "secalert@redhat.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-532", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-07-17 13:18
Modified
2024-11-21 03:04
Severity ?
Summary
The entry details view function in KeePass version 1.32 inadvertently decrypts certain database entries into memory, which may result in the disclosure of sensitive information.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://keepass.info/news/news_all.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://keepass.info/news/news_all.html | Vendor Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:keepass:keepass:1.32:*:*:*:*:*:*:*", matchCriteriaId: "D2CD0B72-2D31-449F-A23E-BC092DF86563", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The entry details view function in KeePass version 1.32 inadvertently decrypts certain database entries into memory, which may result in the disclosure of sensitive information.", }, { lang: "es", value: "La función entry details view en KeePass versión 1.32, desencripta inadvertidamente ciertas entradas de base de datos en la memoria, resultando en la divulgación de información confidencial.", }, ], id: "CVE-2017-1000066", lastModified: "2024-11-21T03:04:04.863", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-07-17T13:18:18.093", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://keepass.info/news/news_all.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://keepass.info/news/news_all.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }