Vulnerability Information
Vulnerability Title
N/A
Vulnerability Description
An issue was discovered in password-store.sh in pass in Simple Password Store 1.7.x before 1.7.2. The signature verification routine parses the output of GnuPG with an incomplete regular expression, which allows remote attackers to spoof file signatures on configuration files and extension scripts. Modifying the configuration file allows the attacker to inject additional encryption keys under their control, thereby disclosing passwords to the attacker. Modifying the extension scripts allows the attacker arbitrary code execution.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Simple Password Store Security Vulnerability
Vulnerability Description
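Simple Password Store is a password storage and management tool. The password-store.sh file of pass in Simple Password Store 1.7.x before 1.7.2 contains a security vulnerability, which stems from the signature verification routine using an incomplete regular expression to parse the output of GnuPG. A remote attacker can exploit this vulnerability to forge file signatures on configuration files or extension scripts, insert additional encryption keys, disclose passwords, or execute arbitrary code.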
CVSS Information
N/A
Vulnerability Type
N/A