CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2000-0680

The CVS 1.10.8 server does not properly restrict users from creating arbitrary Checkin.prog or Update.prog programs, which allows remote CVS committers to modify or create Trojan horse programs with the Checkin.prog or Update.prog names, then performing a CVS commit action.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.004

EPSS Ranking 57.6%

CVSS Severity

CVSS v2 Score 7.2

References

http://www.securityfocus.com/bid/1524
http://www.securityfocus.com/frames/?content=/templates/archive.pike%3Flist%3D1%26msg%3Dhvou2daoebb.fsf%40serein.m17n.org
http://www.securityfocus.com/bid/1524
http://www.securityfocus.com/frames/?content=/templates/archive.pike%3Flist%3D1%26msg%3Dhvou2daoebb.fsf%40serein.m17n.org

Products affected by CVE-2000-0680

Cvs » Cvs » Version: 1.10.8

cpe:2.3:a:cvs:cvs:1.10.8

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2000-0680

Products

Pricing

Contact Us