CVSS2

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | NONE |
Integrity Impact | PARTIAL |
Availability Impact | NONE |

AV:N/AC:M/Au:N/C:N/I:P/A:N

EPSS Percentile: 35.2%

Transifex command-line client before 0.10 does not validate X.509
certificates for data transfer connections, which allows man-in-the-middle
attackers to spoof a Transifex server via an arbitrary certificate. NOTE:
this vulnerability exists because of an incomplete fix for CVE-2013-2073.
Author | Note |
---|---|
mdeslaur | fix for CVE-2013-2073 was incomplete |
OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | transifex-client | < any | UNKNOWN |
ubuntu | 20.04 | noarch | transifex-client | < any | UNKNOWN |
ubuntu | 22.04 | noarch | transifex-client | < any | UNKNOWN |
ubuntu | 16.04 | noarch | transifex-client | < any | UNKNOWN |
www.openwall.com/lists/oss-security/2013/12/15
github.com/transifex/transifex-client/commit/6d69d61
github.com/transifex/transifex-client/issues/42
launchpad.net/bugs/cve/CVE-2013-7110
nvd.nist.gov/vuln/detail/CVE-2013-7110
security-tracker.debian.org/tracker/CVE-2013-7110
www.cve.org/CVERecord?id=CVE-2013-7110