CVE-2018-1000022

MEDIUM

Electrum Bitcoin Wallet <3.0.5 - Missing Authorization

Title source: llm
STIX 2.1

Description

Electrum Technologies GmbH Electrum Bitcoin Wallet version prior to version 3.0.5 contains a Missing Authorization vulnerability in JSONRPC interface that can result in Bitcoin theft, if the user's wallet is not password protected. This attack appear to be exploitable via The victim must visit a web page with specially crafted javascript. This vulnerability appears to have been fixed in 3.0.5.

References (4)

Core 4
Core References
Third Party Advisory x_refsource_confirm
https://github.com/spesmilo/electrum/issues/3374
Product x_refsource_misc
https://electrum.org/#home
Third Party Advisory x_refsource_misc
https://bitcointalk.org/index.php?topic=2702103.0

Scores

CVSS v3 5.3
EPSS 0.0177
EPSS Percentile 75.5%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

Details

CWE
CWE-862
Status published
Products (1)
electrum/bitcoin_wallet < 3.0.5
Published Feb 09, 2018
Tracked Since Feb 18, 2026