CVE-2016-10100

MEDIUM

Borg < 1.0.8 - Archive Overwrite via Manifest Recovery

Title source: llm
STIX 2.1

Description

Borg (aka BorgBackup) before 1.0.9 has a flaw in the way duplicate archive names were processed during manifest recovery, potentially allowing an attacker to overwrite an archive.

References (2)

Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/95203

Scores

CVSS v3 5.3
EPSS 0.0107
EPSS Percentile 60.8%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Details

CWE
CWE-20
Status published
Products (1)
borg/borg < 1.0.8
Published Jan 02, 2017
Tracked Since Feb 18, 2026