Vulnerabilities > CVE-2019-12875 - Exposure of Resource to Wrong Sphere vulnerability in Alpinelinux Abuild

047910
CVSS 4.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
SINGLE
Confidentiality impact
NONE
Integrity impact
PARTIAL
Availability impact
NONE
network
low complexity
alpinelinux
CWE-668

Summary

Alpine Linux abuild through 3.4.0 allows an unprivileged member of the abuild group to add an untrusted package via a --keys-dir option that causes acceptance of an untrusted signing key.

Vulnerable Configurations

Part Description Count
Application
Alpinelinux
118

Common Weakness Enumeration (CWE)