CVE-2000-0680
Published Oct 20, 2000
Last updated 16 years ago
Overview
- Description
- The CVS 1.10.8 server does not properly restrict users from creating arbitrary Checkin.prog or Update.prog programs, which allows remote CVS committers to modify or create Trojan horse programs with the Checkin.prog or Update.prog names, then performing a CVS commit action.
- Source
- cve@mitre.org
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 7.2
- Impact score
- 10
- Exploitability score
- 3.9
- Vector string
- AV:L/AC:L/Au:N/C:C/I:C/A:C
Weaknesses
- nvd@nist.gov
- NVD-CWE-Other
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cvs:cvs:1.10.8:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "62135DD0-140D-42C2-9302-31B5E2DE1A4A"
}
],
"operator": "OR"
}
]
}
]