CVE-2022-21672 (GCVE-0-2022-21672)
Vulnerability from cvelistv5 – Published: 2022-01-10 21:00 – Updated: 2025-04-23 19:13
VLAI?
Title
/etc/pki/tls and /etc/ssl/certs include distrusted certificates in make-ca
Summary
make-ca is a utility to deliver and manage a complete PKI configuration for workstations and servers. Starting with version 0.9 and prior to version 1.10, make-ca misinterprets Mozilla certdata.txt and treats explicitly untrusted certificates like trusted ones, causing those explicitly untrusted certificates trusted by the system. The explicitly untrusted certificates were used by some CAs already hacked. Hostile attackers may perform a MIM attack exploiting them. Everyone using the affected versions of make-ca should upgrade to make-ca-1.10, and run `make-ca -f -g` as the `root` user to regenerate the trusted store immediately. As a workaround, users may delete the untrusted certificates from /etc/pki/tls and /etc/ssl/certs manually (or by a script), but this is not recommended because the manual changes will be overwritten next time running make-ca to update the trusted anchor.
Severity ?
6.5 (Medium)
CWE
- CWE-115 - Misinterpretation of Input
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T02:46:39.386Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/lfs-book/make-ca/security/advisories/GHSA-m5qh-728v-4xrx"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/lfs-book/make-ca/issues/19"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/lfs-book/make-ca/pull/20"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.linuxfromscratch.org/sympa/arc/blfs-support/2022-01/msg00020.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-21672",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T14:12:26.450363Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T19:13:51.833Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "make-ca",
"vendor": "lfs-book",
"versions": [
{
"status": "affected",
"version": "\u003e= 0.9, \u003c 1.10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "make-ca is a utility to deliver and manage a complete PKI configuration for workstations and servers. Starting with version 0.9 and prior to version 1.10, make-ca misinterprets Mozilla certdata.txt and treats explicitly untrusted certificates like trusted ones, causing those explicitly untrusted certificates trusted by the system. The explicitly untrusted certificates were used by some CAs already hacked. Hostile attackers may perform a MIM attack exploiting them. Everyone using the affected versions of make-ca should upgrade to make-ca-1.10, and run `make-ca -f -g` as the `root` user to regenerate the trusted store immediately. As a workaround, users may delete the untrusted certificates from /etc/pki/tls and /etc/ssl/certs manually (or by a script), but this is not recommended because the manual changes will be overwritten next time running make-ca to update the trusted anchor."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-115",
"description": "CWE-115: Misinterpretation of Input",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-10T21:00:13.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/lfs-book/make-ca/security/advisories/GHSA-m5qh-728v-4xrx"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/lfs-book/make-ca/issues/19"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/lfs-book/make-ca/pull/20"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.linuxfromscratch.org/sympa/arc/blfs-support/2022-01/msg00020.html"
}
],
"source": {
"advisory": "GHSA-m5qh-728v-4xrx",
"discovery": "UNKNOWN"
},
"title": "/etc/pki/tls and /etc/ssl/certs include distrusted certificates in make-ca",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2022-21672",
"STATE": "PUBLIC",
"TITLE": "/etc/pki/tls and /etc/ssl/certs include distrusted certificates in make-ca"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "make-ca",
"version": {
"version_data": [
{
"version_value": "\u003e= 0.9, \u003c 1.10"
}
]
}
}
]
},
"vendor_name": "lfs-book"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "make-ca is a utility to deliver and manage a complete PKI configuration for workstations and servers. Starting with version 0.9 and prior to version 1.10, make-ca misinterprets Mozilla certdata.txt and treats explicitly untrusted certificates like trusted ones, causing those explicitly untrusted certificates trusted by the system. The explicitly untrusted certificates were used by some CAs already hacked. Hostile attackers may perform a MIM attack exploiting them. Everyone using the affected versions of make-ca should upgrade to make-ca-1.10, and run `make-ca -f -g` as the `root` user to regenerate the trusted store immediately. As a workaround, users may delete the untrusted certificates from /etc/pki/tls and /etc/ssl/certs manually (or by a script), but this is not recommended because the manual changes will be overwritten next time running make-ca to update the trusted anchor."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-115: Misinterpretation of Input"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/lfs-book/make-ca/security/advisories/GHSA-m5qh-728v-4xrx",
"refsource": "CONFIRM",
"url": "https://github.com/lfs-book/make-ca/security/advisories/GHSA-m5qh-728v-4xrx"
},
{
"name": "https://github.com/lfs-book/make-ca/issues/19",
"refsource": "MISC",
"url": "https://github.com/lfs-book/make-ca/issues/19"
},
{
"name": "https://github.com/lfs-book/make-ca/pull/20",
"refsource": "MISC",
"url": "https://github.com/lfs-book/make-ca/pull/20"
},
{
"name": "https://lists.linuxfromscratch.org/sympa/arc/blfs-support/2022-01/msg00020.html",
"refsource": "MISC",
"url": "https://lists.linuxfromscratch.org/sympa/arc/blfs-support/2022-01/msg00020.html"
}
]
},
"source": {
"advisory": "GHSA-m5qh-728v-4xrx",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-21672",
"datePublished": "2022-01-10T21:00:13.000Z",
"dateReserved": "2021-11-16T00:00:00.000Z",
"dateUpdated": "2025-04-23T19:13:51.833Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2022-21672",
"date": "2026-05-05",
"epss": "0.0015",
"percentile": "0.35038"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:linuxfromscratch:make-ca:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"0.9\", \"versionEndExcluding\": \"1.10\", \"matchCriteriaId\": \"9DF45D07-0CDF-49E7-B12B-1A17B3357573\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"make-ca is a utility to deliver and manage a complete PKI configuration for workstations and servers. Starting with version 0.9 and prior to version 1.10, make-ca misinterprets Mozilla certdata.txt and treats explicitly untrusted certificates like trusted ones, causing those explicitly untrusted certificates trusted by the system. The explicitly untrusted certificates were used by some CAs already hacked. Hostile attackers may perform a MIM attack exploiting them. Everyone using the affected versions of make-ca should upgrade to make-ca-1.10, and run `make-ca -f -g` as the `root` user to regenerate the trusted store immediately. As a workaround, users may delete the untrusted certificates from /etc/pki/tls and /etc/ssl/certs manually (or by a script), but this is not recommended because the manual changes will be overwritten next time running make-ca to update the trusted anchor.\"}, {\"lang\": \"es\", \"value\": \"make-ca es una utilidad para entregar y administrar una configuraci\\u00f3n PKI completa para estaciones de trabajo y servidores. A partir de la versi\\u00f3n 0.9 y versiones anteriores a 1.10, make-ca malinterpreta Mozilla certdata.txt y trata los certificados expl\\u00edcitamente no confiables como si fueran confiables, causando que esos certificados expl\\u00edcitamente no confiables sean confiados por el sistema. Los certificados expl\\u00edcitamente no confiables fueron usados por algunas CAs ya hackeadas. Los atacantes hostiles pueden llevar a cabo un ataque de tipo MIM explot\\u00e1ndolos. Todos los que usen las versiones afectadas de make-ca deber\\u00edan actualizar a make-ca-1.10, y ejecutar \\\"make-ca -f -g\\\" como usuario \\\"root\\\" para regenerar el almac\\u00e9n confiable inmediatamente. Como soluci\\u00f3n, los usuarios pueden borrar los certificados no confiables de /etc/pki/tls y /etc/ssl/certs manualmente (o mediante un script), pero no es recomendado porque los cambios manuales ser\\u00e1n sobreescritos la pr\\u00f3xima vez que sea ejecutado make-ca para actualizar el anclaje confiable\"}]",
"id": "CVE-2022-21672",
"lastModified": "2024-11-21T06:45:12.117",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"security-advisories@github.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N\", \"baseScore\": 6.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 3.6}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N\", \"baseScore\": 6.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:N/I:P/A:N\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2022-01-10T21:15:08.043",
"references": "[{\"url\": \"https://github.com/lfs-book/make-ca/issues/19\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Issue Tracking\", \"Mitigation\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/lfs-book/make-ca/pull/20\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/lfs-book/make-ca/security/advisories/GHSA-m5qh-728v-4xrx\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.linuxfromscratch.org/sympa/arc/blfs-support/2022-01/msg00020.html\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Mailing List\", \"Mitigation\", \"Vendor Advisory\"]}, {\"url\": \"https://github.com/lfs-book/make-ca/issues/19\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Mitigation\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/lfs-book/make-ca/pull/20\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/lfs-book/make-ca/security/advisories/GHSA-m5qh-728v-4xrx\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.linuxfromscratch.org/sympa/arc/blfs-support/2022-01/msg00020.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Mitigation\", \"Vendor Advisory\"]}]",
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"security-advisories@github.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-115\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2022-21672\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2022-01-10T21:15:08.043\",\"lastModified\":\"2024-11-21T06:45:12.117\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"make-ca is a utility to deliver and manage a complete PKI configuration for workstations and servers. Starting with version 0.9 and prior to version 1.10, make-ca misinterprets Mozilla certdata.txt and treats explicitly untrusted certificates like trusted ones, causing those explicitly untrusted certificates trusted by the system. The explicitly untrusted certificates were used by some CAs already hacked. Hostile attackers may perform a MIM attack exploiting them. Everyone using the affected versions of make-ca should upgrade to make-ca-1.10, and run `make-ca -f -g` as the `root` user to regenerate the trusted store immediately. As a workaround, users may delete the untrusted certificates from /etc/pki/tls and /etc/ssl/certs manually (or by a script), but this is not recommended because the manual changes will be overwritten next time running make-ca to update the trusted anchor.\"},{\"lang\":\"es\",\"value\":\"make-ca es una utilidad para entregar y administrar una configuraci\u00f3n PKI completa para estaciones de trabajo y servidores. A partir de la versi\u00f3n 0.9 y versiones anteriores a 1.10, make-ca malinterpreta Mozilla certdata.txt y trata los certificados expl\u00edcitamente no confiables como si fueran confiables, causando que esos certificados expl\u00edcitamente no confiables sean confiados por el sistema. Los certificados expl\u00edcitamente no confiables fueron usados por algunas CAs ya hackeadas. Los atacantes hostiles pueden llevar a cabo un ataque de tipo MIM explot\u00e1ndolos. Todos los que usen las versiones afectadas de make-ca deber\u00edan actualizar a make-ca-1.10, y ejecutar \\\"make-ca -f -g\\\" como usuario \\\"root\\\" para regenerar el almac\u00e9n confiable inmediatamente. Como soluci\u00f3n, los usuarios pueden borrar los certificados no confiables de /etc/pki/tls y /etc/ssl/certs manualmente (o mediante un script), pero no es recomendado porque los cambios manuales ser\u00e1n sobreescritos la pr\u00f3xima vez que sea ejecutado make-ca para actualizar el anclaje confiable\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-115\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:linuxfromscratch:make-ca:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"0.9\",\"versionEndExcluding\":\"1.10\",\"matchCriteriaId\":\"9DF45D07-0CDF-49E7-B12B-1A17B3357573\"}]}]}],\"references\":[{\"url\":\"https://github.com/lfs-book/make-ca/issues/19\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Issue Tracking\",\"Mitigation\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/lfs-book/make-ca/pull/20\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/lfs-book/make-ca/security/advisories/GHSA-m5qh-728v-4xrx\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://lists.linuxfromscratch.org/sympa/arc/blfs-support/2022-01/msg00020.html\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Mailing List\",\"Mitigation\",\"Vendor Advisory\"]},{\"url\":\"https://github.com/lfs-book/make-ca/issues/19\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Mitigation\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/lfs-book/make-ca/pull/20\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/lfs-book/make-ca/security/advisories/GHSA-m5qh-728v-4xrx\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://lists.linuxfromscratch.org/sympa/arc/blfs-support/2022-01/msg00020.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Mitigation\",\"Vendor Advisory\"]}]}}"
}
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…