Veracode Vulnerability Database: VERACODE:40268
Apr 24, 2023 - 9:40 a.m.

Authorization Bypass

2023-04-24 09:40:20
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
authorization bypass
checksums generation
pause
modified package

EPSS: 0.001 (Low)
Percentile: 21.4%

libcpan-checksums-perl is vulnerable to authorization bypass. Checksums generates CHECKSUMS files recursively for each directory under the author/directory structure, and the file path does not contain an author handle. An attacker with PAUSE access can trick PAUSE into generating a valid CHECKSUMS file for another author's package, allowing a malicious mirror or network attacker to serve a modified package.