Vulnerabilities > CVE-2017-15914 - Unspecified vulnerability in Borgbackup Borg 1.1.0/1.1.1/1.1.2

047910
CVSS 8.8 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
low complexity
borgbackup
nessus

Summary

Incorrect implementation of access controls allows remote users to override repository restrictions in Borg servers 1.1.x before 1.1.3.

Vulnerable Configurations

Part Description Count
Application
Borgbackup
13

Nessus

NASL familyFreeBSD Local Security Checks
NASL idFREEBSD_PKG_0D369972D4BA11E7BFCA005056925DB4.NASL
descriptionBorgBackup reports : Incorrect implementation of access controls allows remote users to override repository restrictions in Borg servers. A user able to access a remote Borg SSH server is able to circumvent access controls post-authentication. Affected releases: 1.1.0, 1.1.1, 1.1.2. Releases 1.0.x are NOT affected.
last seen2020-06-01
modified2020-06-02
plugin id104835
published2017-11-29
reporterThis script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
sourcehttps://www.tenable.com/plugins/nessus/104835
titleFreeBSD : borgbackup -- remote users can override repository restrictions (0d369972-d4ba-11e7-bfca-005056925db4)