Borg (aka BorgBackup) has a flaw in the way of processing duplicate archive names during manifest recovery. When rebuilding the manifest (which should only be needed very rarely), duplicate archive names would be handled on a “first come first serve” basis, allowing an attacker to arbitrarily overwrite archives.
CPE | Name | Operator | Version |
---|---|---|---|
borgbackup | le | 1.0.9rc1 |