CVE-2021-26917

Published: Feb 8, 2021Modified: Nov 21, 2024

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

PyBitmessage through 0.6.3.2 allows attackers to write screen captures to Potentially Unwanted Directories via a crafted apinotifypath value. NOTE: the discoverer states "security mitigation may not be necessary as there is no evidence yet that these screen intercepts are actually transported away from the local host." NOTE: it is unclear whether there are any common use cases in which apinotifypath is controlled by an attacker

Affected (1)

Products: Bitmessage: Pybitmessage

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Bitmessage Pybitmessage	Up to 0.6.3.2

References (8)

https://attack.mitre.org/techniques/T1113/

Source: cve@mitre.org

Third Party Advisory

https://github.com/Bitmessage/PyBitmessage/blob/f381721bec31641002e2f240309600c4994855a7/src/api.py#L35-L37

Source: cve@mitre.org

PatchThird Party Advisory

https://github.com/Bitmessage/PyBitmessage/releases

Source: cve@mitre.org

Release NotesThird Party Advisory

https://poal.co/s/technology/290479

Source: cve@mitre.org

ExploitThird Party Advisory

https://attack.mitre.org/techniques/T1113/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://github.com/Bitmessage/PyBitmessage/blob/f381721bec31641002e2f240309600c4994855a7/src/api.py#L35-L37

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://github.com/Bitmessage/PyBitmessage/releases

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesThird Party Advisory

https://poal.co/s/technology/290479

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.