- Description
- A security issue was found in Sparkle before version 2.6.4. An attacker can replace an existing signed update with another payload, bypassing Sparkle’s (Ed)DSA signing checks.
- Source
- patrick@puiterwijk.org
- NVD status
- Analyzed
- Products
- sparkle, hci_compute_node, oncommand_workflow_automation
CVSS 3.1
- Type
- Primary
- Base score
- 6.8
- Impact score
- 5.9
- Exploitability score
- 0.9
- Vector string
- CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
- Severity
- MEDIUM
- patrick@puiterwijk.org
- CWE-552
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:sparkle-project:sparkle:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "338ED490-33A3-4531-B18F-23466B3E5DAD",
            "versionEndExcluding": "2.6.4"
          },
          {
            "criteria": "cpe:2.3:o:netapp:hci_compute_node:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4AFE5CAF-ACA7-4F82-BEC1-69562D75E66E"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3"
          },
          {
            "criteria": "cpe:2.3:o:netapp:hci_compute_node:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4AFE5CAF-ACA7-4F82-BEC1-69562D75E66E"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]