Insecure Defaults Leads to Potential MITM in ezseed-transmission

2020-09-01T15:26:35
ID GHSA-P788-RJ37-357W
Type github
Reporter GitHub Advisory Database
Modified 2020-09-01T15:26:35

Description

Affected versions of ezseed-transmission download and run a script over an HTTP connection.

An attacker in a privileged network position could launch a Man-in-the-Middle attack and intercept the script, replacing it with malicious code, completely compromising the system running ezseed-transmission.

Recommendation

Update to version 0.0.15 or later.