Unrated severityNVD Advisory· Published Dec 20, 2018· Updated Aug 5, 2024

CVE-2018-1000858

Description

GnuPG version 2.1.12 - 2.2.11 contains a Cross ite Request Forgery (CSRF) vulnerability in dirmngr that can result in Attacker controlled CSRF, Information Disclosure, DoS. This attack appear to be exploitable via Victim must perform a WKD request, e.g. enter an email address in the composer window of Thunderbird/Enigmail. This vulnerability appears to have been fixed in after commit 4a4bb874f63741026bd26264c43bb32b1099f060.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

Gnupg/Gnupginferred
Range: >=2.1.12,<=2.2.11
dirmngr/dirmngrllm-fuzzy
Range: >=2.1.12, <=2.2.11
osv-coords2 versions
pkg:rpm/opensuse/gpg2&distro=openSUSE%20Leap%2015.0 pkg:rpm/suse/gpg2&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015
< 2.2.5-lp150.3.6.1+ 1 more
- (no CPE)range: < 2.2.5-lp150.3.6.1
- (no CPE)range: < 2.2.5-4.6.2

Patches

Vulnerability mechanics

References

usn.ubuntu.com/3853-1/mitrevendor-advisoryx_refsource_UBUNTU
sektioneins.de/en/advisories/advisory-012018-gnupg-wkd.htmlmitrex_refsource_MISC
sektioneins.de/en/blog/18-11-23-gnupg-wkd.htmlmitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000