borgbackup is vulnerable to a spoofing attack: it does not verify the authenticity of the manifest (the list of archives), so an attacker can substitute a spoofed one. Exploitation requires the attacker to have write access to the repository and to be able to insert files (with no additional headers) into backups. The vulnerability does not disclose plaintext to the attacker and does not affect the authenticity of existing archives, but it does allow an attacker to create a spoofed manifest, which may be feasible for small archives but is unlikely for large archives.
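As an added illustration of the underlying weakness and its mitigation (this is not borgbackup's own code, manifest format, or fix), the block below contrasts a reader that trusts an unauthenticated manifest with one that verifies an HMAC-SHA256 tag over the manifest bytes before using them. The manifest contents, the key, and the `tampered_copy` helper that stands in for an unauthorized write to the repository are all constructed for the example.

```python
import hashlib
import hmac
import json

# Constructed sample manifest: a list of archive entries standing in for a
# backup tool's "list of archives". Not borg's on-disk format.
ORIGINAL_MANIFEST = {
    "version": 1,
    "archives": [
        {"name": "host-2016-12-01", "id": "a1" * 16},
        {"name": "host-2016-12-02", "id": "b2" * 16},
    ],
}

# Constructed key for the example; a real tool would derive this from the
# repository key material, never store it beside the manifest.
MANIFEST_KEY = b"example-manifest-key-do-not-reuse"
TAG_LEN = hashlib.sha256().digest_size  # 32 bytes


def serialize(manifest: dict) -> bytes:
    # Canonical encoding so the same manifest always yields the same bytes.
    return json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()


def seal(manifest: dict, key: bytes) -> bytes:
    """Return manifest bytes followed by an HMAC-SHA256 tag over those bytes."""
    data = serialize(manifest)
    return data + hmac.new(key, data, hashlib.sha256).digest()


def load_unverified(blob: bytes) -> dict:
    """Vulnerable reader: uses the manifest bytes without checking the tag."""
    return json.loads(blob[:-TAG_LEN])


def load_verified(blob: bytes, key: bytes) -> dict:
    """Hardened reader: rejects any manifest whose tag does not match."""
    if len(blob) < TAG_LEN:
        raise ValueError("manifest too short to carry a tag")
    data, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, data, hashlib.sha256).digest()
    # Constant-time comparison so the check does not leak tag bytes by timing.
    if not hmac.compare_digest(tag, expected):
        raise ValueError("manifest authentication failed")
    return json.loads(data)


def is_authentic(blob: bytes, key: bytes) -> bool:
    """True if the hardened reader accepts the blob, False otherwise."""
    try:
        load_verified(blob, key)
        return True
    except ValueError:
        return False


def tampered_copy(blob: bytes) -> bytes:
    """Test fixture: a manifest body with one archive dropped, carrying the
    original trailing tag bytes. Models a modified manifest written by someone
    with repository write access but without the key."""
    forged = dict(ORIGINAL_MANIFEST)
    forged["archives"] = ORIGINAL_MANIFEST["archives"][:1]
    return serialize(forged) + blob[-TAG_LEN:]


if __name__ == "__main__":
    good = seal(ORIGINAL_MANIFEST, MANIFEST_KEY)
    bad = tampered_copy(good)
    print("unverified reader sees", len(load_unverified(bad)["archives"]), "archive(s)")
    print("verified reader accepts tampered manifest:", is_authentic(bad, MANIFEST_KEY))
```

The unverified reader happily returns the shortened archive list, which is exactly the spoofed-manifest outcome the advisory describes; the verified reader refuses it because the tag no longer matches the bytes it covers.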
CPE | Name | Operator | Version
---|---|---|---
 | borgbackup | le | 1.0.9rc1