Vulnerability Details CVE-2007-5201
The FTP backend for Duplicity before 0.4.9 sends the password as a command line argument when calling ncftp, which might allow local users to read the password by listing the process and its arguments.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 28.0%
CVSS Severity
CVSS v2 Score 4.6
Products affected by CVE-2007-5201
-
cpe:2.3:a:duplicity_project:duplicity:0.1.0
-
cpe:2.3:a:duplicity_project:duplicity:0.1.1
-
cpe:2.3:a:duplicity_project:duplicity:0.2.0
-
cpe:2.3:a:duplicity_project:duplicity:0.2.1
-
cpe:2.3:a:duplicity_project:duplicity:0.3.0
-
cpe:2.3:a:duplicity_project:duplicity:0.3.1
-
cpe:2.3:a:duplicity_project:duplicity:0.4.0
-
cpe:2.3:a:duplicity_project:duplicity:0.4.1
-
cpe:2.3:a:duplicity_project:duplicity:0.4.2
-
cpe:2.3:a:duplicity_project:duplicity:0.4.3
-
cpe:2.3:a:duplicity_project:duplicity:0.4.3-
-
cpe:2.3:a:duplicity_project:duplicity:0.4.3rc1
-
cpe:2.3:a:duplicity_project:duplicity:0.4.3rc10
-
cpe:2.3:a:duplicity_project:duplicity:0.4.3rc11
-
cpe:2.3:a:duplicity_project:duplicity:0.4.3rc12
-
cpe:2.3:a:duplicity_project:duplicity:0.4.3rc2
-
cpe:2.3:a:duplicity_project:duplicity:0.4.3rc3
-
cpe:2.3:a:duplicity_project:duplicity:0.4.3rc4
-
cpe:2.3:a:duplicity_project:duplicity:0.4.3rc5
-
cpe:2.3:a:duplicity_project:duplicity:0.4.3rc6
-
cpe:2.3:a:duplicity_project:duplicity:0.4.3rc7
-
cpe:2.3:a:duplicity_project:duplicity:0.4.3rc8
-
cpe:2.3:a:duplicity_project:duplicity:0.4.3rc9
-
cpe:2.3:a:duplicity_project:duplicity:0.4.4
-
cpe:2.3:a:duplicity_project:duplicity:0.4.4-
-
cpe:2.3:a:duplicity_project:duplicity:0.4.4rc1
-
cpe:2.3:a:duplicity_project:duplicity:0.4.4rc2
-
cpe:2.3:a:duplicity_project:duplicity:0.4.4rc3
-
cpe:2.3:a:duplicity_project:duplicity:0.4.4rc4
-
cpe:2.3:a:duplicity_project:duplicity:0.4.5
-
cpe:2.3:a:duplicity_project:duplicity:0.4.6
-
cpe:2.3:a:duplicity_project:duplicity:0.4.7
-
cpe:2.3:a:duplicity_project:duplicity:0.4.8