CVE-2015-8378

HIGH

KeePassX < 0.4.3 - Sensitive Information Exposure via XML Export Cancel

Title source: llm
STIX 2.1

Description

In KeePassX before 0.4.4, a cleartext copy of password data is created upon a cancel of an XML export action. This allows context-dependent attackers to obtain sensitive information by reading the .xml dotfile.

References (2)

Core 2
Core References
Mailing List, Third Party Advisory x_refsource_confirm
http://bugs.debian.org/791858
Release Notes, Vendor Advisory x_refsource_confirm
https://www.keepassx.org/changelog

Scores

CVSS v3 7.5
EPSS 0.0119
EPSS Percentile 64.2%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-200
Status published
Products (1)
keepassx_project/keepassx < 0.4.3
Published Apr 10, 2017
Tracked Since Feb 18, 2026