Back to search
CVE-2018-1000858
Published: Dec 20, 2018
Modified: Aug 5, 2024
PUBLISHED
Description
GnuPG version 2.1.12 - 2.2.11 contains a Cross ite Request Forgery (CSRF) vulnerability in dirmngr that can result in Attacker controlled CSRF, Information Disclosure, DoS. This attack appear to be exploitable via Victim must perform a WKD request, e.g. enter an email address in the composer window of Thunderbird/Enigmail. This vulnerability appears to have been fixed in after commit 4a4bb874f63741026bd26264c43bb32b1099f060.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
https://sektioneins.de/en/blog/18-11-23-gnupg-wkd.html
x_refsource_MISC
USN-3853-1
vendor-advisory
x_refsource_UBUNTU
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now