CVE-2015-8378
HIGHKeePassX < 0.4.3 - Sensitive Information Exposure via XML Export Cancel
Title source: llmDescription
In KeePassX before 0.4.4, a cleartext copy of password data is created upon a cancel of an XML export action. This allows context-dependent attackers to obtain sensitive information by reading the .xml dotfile.
References (2)
Core 2
Core References
Mailing List, Third Party Advisory x_refsource_confirm
http://bugs.debian.org/791858
Release Notes, Vendor Advisory x_refsource_confirm
https://www.keepassx.org/changelog
Scores
CVSS v3
7.5
EPSS
0.0119
EPSS Percentile
64.2%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-200
Status
published
Products (1)
keepassx_project/keepassx
< 0.4.3
Published
Apr 10, 2017
Tracked Since
Feb 18, 2026