4.7 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N
0.0004 Low
EPSS
Percentile
15.9%
borgbackup is an opensource, deduplicating archiver with compression and
authenticated encryption. A flaw in the cryptographic authentication scheme
in borgbackup allowed an attacker to fake archives and potentially
indirectly cause backup data loss in the repository. The attack requires an
attacker to be able to: 1. insert files (with no additional headers) into
backups and 2. gain write access to the repository. This vulnerability does
not disclose plaintext to the attacker, nor does it affect the authenticity
of existing archives. Creating plausible fake archives may be feasible for
empty or small archives, but is unlikely for large archives. The issue has
been fixed in borgbackup 1.2.5. Users are advised to upgrade. Additionally
to installing the fixed code, users must follow the upgrade procedure as
documented in the change log. Data loss after being attacked can be avoided
by reviewing the archives (timestamp and contents valid and as expected)
after any “borg check --repair” and before “borg prune”. There are no known
workarounds for this vulnerability.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | borgbackup | < any | UNKNOWN |
ubuntu | 20.04 | noarch | borgbackup | < any | UNKNOWN |
ubuntu | 22.04 | noarch | borgbackup | < any | UNKNOWN |
ubuntu | 23.10 | noarch | borgbackup | < any | UNKNOWN |
ubuntu | 24.04 | noarch | borgbackup | < any | UNKNOWN |
ubuntu | 16.04 | noarch | borgbackup | < any | UNKNOWN |
borgbackup.readthedocs.io/en/stable/changes.html#pre-1-2-5-archives-spoofing-vulnerability-cve-2023-36811
github.com/borgbackup/borg/blob/1.2.5-cvedocs/docs/changes.rst#pre-125-archives-spoofing-vulnerability-cve-2023-36811
github.com/borgbackup/borg/commit/277b0b81a860f4518d7bf0cc0951e77f9c99336d
github.com/borgbackup/borg/commit/3eb070191da10c2d3f7bc6484cf3d51c3045f884
github.com/borgbackup/borg/commit/449cd51b73b0710a940af8cefe74793ce81563f4
github.com/borgbackup/borg/commit/462c1bdf2e597bd2e276c8fea82c84fabc0b7244
github.com/borgbackup/borg/commit/56da3987111eb80b4ca38ac3e6aaa7953c61d2e3
github.com/borgbackup/borg/commit/5cd2060345f38f2e0324ab178f847c2f45598b12
github.com/borgbackup/borg/commit/95b560442284eda3ffae403c3086d549f6e121b8
github.com/borgbackup/borg/commit/a2ee13fd341dcd004b4a06b17d6f2fc759327861
github.com/borgbackup/borg/commit/b23e6cb73da01df038f7bd10c34a91c7187817b0
github.com/borgbackup/borg/commit/bfead4b288833f890523d8881797ff6b345edaf9
github.com/borgbackup/borg/commit/f334ef1b4de2f8a359ededa41ce13358b81e63c1
github.com/borgbackup/borg/security/advisories/GHSA-8fjr-hghr-4m99
launchpad.net/bugs/cve/CVE-2023-36811
nvd.nist.gov/vuln/detail/CVE-2023-36811
security-tracker.debian.org/tracker/CVE-2023-36811
www.cve.org/CVERecord?id=CVE-2023-36811