CVE-2014-3585Improper Verification of Cryptographic Signature in RED HAT Redhat-upgrade-tool

CWE-347Improper Verification of Cryptographic Signature4 documents4 sources
Severity
9.8CRITICALNVD
EPSS
0.3%
top 48.87%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
RED HAT Redhat-upgrade-toolRedhat Enterprise Linux
Timeline
PublishedNov 22
Latest updateMay 17

Description

redhat-upgrade-tool: Does not check GPG signatures when upgrading versions

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

CVEListV5red_hat/redhat-upgrade-toolthrough 2014-08-01

Also affects: Enterprise Linux 6.0, 7.0

🔴Vulnerability Details

1
GHSA
GHSA-vgr7-mv6h-5gwq: redhat-upgrade-tool: Does not check GPG signatures when upgrading versions2022-05-17

📋Vendor Advisories

1
Red Hat
redhat-upgrade-tool: does not check GPG signatures on package installation2014-10-14

💬Community

1
Bugzilla
CVE-2014-3585 redhat-upgrade-tool: does not check GPG signatures on package installation2014-08-01