6.7 Medium
AI Score
Confidence
Low
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
0.002 Low
EPSS
Percentile
60.5%
gpg (aka GnuPG) 1.0.4 and other versions imports both public and private keys from public key servers without notifying the user about the private keys, which could allow an attacker to break the web of trust.
distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000368
www.debian.org/security/2000/20001225b
www.linux-mandrake.com/en/updates/2000/MDKSA-2000-087.php3
www.osvdb.org/1702
www.redhat.com/support/errata/RHSA-2000-131.html
www.securityfocus.com/archive/1/152197
www.securityfocus.com/bid/2153
exchange.xforce.ibmcloud.com/vulnerabilities/5803