CVE-2016-10099

MEDIUM

Borg <1.0.9 - Info Disclosure

Title source: llm

Description

Borg (aka BorgBackup) before 1.0.9 has a flaw in the cryptographic protocol used to authenticate the manifest (list of archives), potentially allowing an attacker to spoof the list of archives.

References (2)

[Mitigation, Vendor Advisory] http://borgbackup.readthedocs.io/en/stable/changes.html#pre-1-0-9-manifest-spoofing-vulnerability

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/95205

Scores

CVSS v3 5.3

EPSS 0.0054

EPSS Percentile 67.3%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Classification

CWE

CWE-310

Status published

Affected Products (2)

borg_project/borg < 1.0.8

n/a/n/a

Timeline

Published Jan 02, 2017

Tracked Since Feb 18, 2026