Vulnerabilities > CVE-2021-26917 - Unspecified vulnerability in Bitmessage Pybitmessage

CVSS 5.5 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

local

low complexity

bitmessage

NVD

Published: 2021-02-08

Updated: 2024-04-11

Summary

PyBitmessage through 0.6.3.2 allows attackers to write screen captures to Potentially Unwanted Directories via a crafted apinotifypath value. NOTE: the discoverer states "security mitigation may not be necessary as there is no evidence yet that these screen intercepts are actually transported away from the local host." NOTE: it is unclear whether there are any common use cases in which apinotifypath is controlled by an attacker

Vulnerable Configurations

Part	Description	Count
Application	Bitmessage Bitmessage Pybitmessage 0.3.5 Bitmessage Pybitmessage 0.4.0 Bitmessage Pybitmessage 0.4.1 Bitmessage Pybitmessage 0.4.2 Bitmessage Pybitmessage 0.4.3 Bitmessage Pybitmessage 0.4.4 Bitmessage Pybitmessage 0.4.5 Bitmessage Pybitmessage 0.4.5.1 Bitmessage Pybitmessage 0.4.5.2 Bitmessage Pybitmessage 0.5.0 Bitmessage Pybitmessage 0.5.1 Bitmessage Pybitmessage 0.5.2 Bitmessage Pybitmessage 0.5.3 Bitmessage Pybitmessage 0.5.4 Bitmessage Pybitmessage 0.5.5 Bitmessage Pybitmessage 0.5.6 Bitmessage Pybitmessage 0.5.7 Bitmessage Pybitmessage 0.5.8 Bitmessage Pybitmessage 0.6.0 Bitmessage Pybitmessage 0.6.1 Bitmessage Pybitmessage 0.6.2 Bitmessage Pybitmessage 0.6.3 Bitmessage Pybitmessage 0.6.3.1 Bitmessage Pybitmessage 0.6.3.2	24

Summary

Vulnerable Configurations

References