Vulnerability Details CVE-2019-12999
Lightning Network Daemon (lnd) before 0.7 allows attackers to trigger loss of funds because of Incorrect Access Control.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.008
EPSS Ranking 73.1%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- https://github.com/lightningnetwork/lnd/commits/master
- https://github.com/lightningnetwork/lnd/releases/tag/v0.7.0-beta
- https://lists.linuxfoundation.org/pipermail/lightning-dev/2019-September/002174.html
- https://github.com/lightningnetwork/lnd/commits/master
- https://github.com/lightningnetwork/lnd/releases/tag/v0.7.0-beta
- https://lists.linuxfoundation.org/pipermail/lightning-dev/2019-September/002174.html
Products affected by CVE-2019-12999
-
cpe:2.3:a:lightning:network_daemon:*