CVE-2018-20587
published 2019-02-11

Priority: P4 24, medium, 5.5 (CVSS 3.0)
Vector: AV:L / AC:L / PR:L / UI:N / S:U / C:N / I:H / A:N
EPSS: 0.35% (26.8th percentile)

Bitcoin Core 0.12.0 through 0.17.1 and Bitcoin Knots 0.12.0 through 0.17.x before 0.17.1.knots20181229 have Incorrect Access Control. Local users can exploit this to steal currency by binding the RPC IPv4 localhost port, and forwarding requests to the IPv6 localhost port.

Affected

2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| bitcoin | bitcoin_core | 0.12.0 – 0.17.1 | |
| bitcoinknots | bitcoin_knots | 0.12.0 – 0.17.0 | |

CVSS provenance

nvd, v3.0: 5.5 MEDIUM, CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
nvd, v2.0: 2.1 LOW, AV:L/AC:L/Au:N/C:N/I:P/A:N