7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
0.013 Low
EPSS
Percentile
85.7%
python-gnupg 0.4.3 allows context-dependent attackers to trick gnupg to
decrypt other ciphertext than intended. To perform the attack, the
passphrase to gnupg must be controlled by the adversary and the ciphertext
should be trusted. Related to a “CWE-20: Improper Input Validation” issue
affecting the affect functionality component.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | python-gnupg | < 0.4.1-1ubuntu1.18.04.1 | UNKNOWN |
ubuntu | 18.10 | noarch | python-gnupg | < 0.4.1-1ubuntu1.18.10.1 | UNKNOWN |
ubuntu | 19.04 | noarch | python-gnupg | < 0.4.3-1ubuntu1.19.04.1 | UNKNOWN |
ubuntu | 20.04 | noarch | python-gnupg | < any | UNKNOWN |
ubuntu | 22.04 | noarch | python-gnupg | < any | UNKNOWN |
ubuntu | 14.04 | noarch | python-gnupg | < 0.3.6-1ubuntu0.1~esm1) Available with Ubuntu Pro or Ubuntu Pro (Infra-only | UNKNOWN |
ubuntu | 16.04 | noarch | python-gnupg | < 0.3.8-2ubuntu0.1~esm1 | UNKNOWN |
github.com/stigtsp/CVE-2019-6690-python-gnupg-vulnerability
github.com/vsajip/python-gnupg/commit/3003b654ca1c29b0510a54b9848571b3ad57df19#diff-88b99bb28683bd5b7e3a204826ead112
github.com/vsajip/python-gnupg/commit/39eca266dd837e2ad89c94eb17b7a6f50b25e7cf#diff-88b99bb28683bd5b7e3a204826ead112
launchpad.net/bugs/cve/CVE-2019-6690
nvd.nist.gov/vuln/detail/CVE-2019-6690
security-tracker.debian.org/tracker/CVE-2019-6690
ubuntu.com/security/notices/USN-3964-1
ubuntu.com/security/notices/USN-4839-1
www.cve.org/CVERecord?id=CVE-2019-6690
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
0.013 Low
EPSS
Percentile
85.7%