CVSS3: 4.7 Medium
Attack Vector: LOCAL
Attack Complexity: HIGH
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: HIGH
Availability Impact: NONE
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N
EPSS: 0.0004 Low
Percentile: 15.9%
BorgBackup is vulnerable to Archive Spoofing. The vulnerability is due to a flaw in the cryptographic authentication scheme, which could potentially allow an attacker to create fake archives and indirectly cause data loss in the backup repository.
github.com/borgbackup/borg/blob/1.2.5-cvedocs/docs/changes.rst#pre-125-archives-spoofing-vulnerability-cve-2023-36811
github.com/borgbackup/borg/commit/3eb070191da10c2d3f7bc6484cf3d51c3045f884
github.com/borgbackup/borg/security/advisories/GHSA-8fjr-hghr-4m99
lists.fedoraproject.org/archives/list/[email protected]/message/5Q3OHXERTU547SEQ3YREZXHOCYNLVD63/
lists.fedoraproject.org/archives/list/[email protected]/message/XOZDFIYEBIOKSIEAXUJJJFUJTAJ7TF3C/
lists.fedoraproject.org/archives/list/[email protected]/message/ZUCQSMAWOJBCRGF6XPKEZ2TPGAPNKIWV/