{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "dateAssigned": "2018-11-27T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "FrostWire version <= frostwire-desktop-6.7.4-build-272 contains a XML External Entity (XXE) vulnerability in Man in the middle on update that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This attack appear to be exploitable via Man in the middle the call to update the software."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-12-20T15:00:00.000Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://0dd.zone/2018/10/28/frostwire-XXE-MitM/"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/frostwire/frostwire/issues/829"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "DATE_ASSIGNED": "2018-11-27T13:54:33.464913", "DATE_REQUESTED": "2018-10-28T03:59:08", "ID": "CVE-2018-1000828", "REQUESTER": "sajeeb@0dd.zone", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "FrostWire version <= frostwire-desktop-6.7.4-build-272 contains a XML External Entity (XXE) vulnerability in Man in the middle on update that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This attack appear to be exploitable via Man in the middle the call to update the software."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://0dd.zone/2018/10/28/frostwire-XXE-MitM/", "refsource": "MISC", "url": "https://0dd.zone/2018/10/28/frostwire-XXE-MitM/"}, {"name": "https://github.com/frostwire/frostwire/issues/829", "refsource": "MISC", "url": "https://github.com/frostwire/frostwire/issues/829"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T12:47:57.149Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://0dd.zone/2018/10/28/frostwire-XXE-MitM/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/frostwire/frostwire/issues/829"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-1000828", "datePublished": "2018-12-20T15:00:00.000Z", "dateReserved": "2018-12-20T00:00:00.000Z", "dateUpdated": "2024-09-17T01:57:06.254Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:frostwire:frostwire:1.9.9:build246:*:*:*:desktop:*:*", "matchCriteriaId": "4E95E0EA-7F5F-43B7-BE1B-E2AB7907455F", "vulnerable": true}, {"criteria": "cpe:2.3:a:frostwire:frostwire:1.9.9:build247:*:*:*:desktop:*:*", "matchCriteriaId": "0AA38B2E-78AC-471D-94DC-4C6ECA82DC92", "vulnerable": true}, {"criteria": "cpe:2.3:a:frostwire:frostwire:2.0.7:build263:*:*:*:desktop:*:*", "matchCriteriaId": "C486DDC6-45F0-454E-AAC8-810624DB73C6", "vulnerable": true}, {"criteria": "cpe:2.3:a:frostwire:frostwire:6.1.6:build166:*:*:*:desktop:*:*", "matchCriteriaId": "96E555C6-DC2B-4F2E-9856-BBF30788F723", "vulnerable": true}, {"criteria": "cpe:2.3:a:frostwire:frostwire:6.1.6:build167:*:*:*:desktop:*:*", "matchCriteriaId": "0132EF81-818F-480F-BC36-51923728B0A5", "vulnerable": true}, {"criteria": "cpe:2.3:a:frostwire:frostwire:6.1.7:build168:*:*:*:desktop:*:*", "matchCriteriaId": "1495B24D-E5E8-42D2-ABA3-6F4917337C9F", "vulnerable": true}, {"criteria": "cpe:2.3:a:frostwire:frostwire:6.1.8:build169:*:*:*:desktop:*:*", "matchCriteriaId": "97C1475A-7F88-40D2-973E-145B32B726D0", "vulnerable": true}, {"criteria": "cpe:2.3:a:frostwire:frostwire:6.1.9:build172:*:*:*:desktop:*:*", "matchCriteriaId": "8A6FF2BB-FE03-4AF4-96E0-3BA5C33DFC51", "vulnerable": true}, {"criteria": "cpe:2.3:a:frostwire:frostwire:6.2.0:build173:*:*:*:desktop:*:*", "matchCriteriaId": "CE90F675-07E4-4CAD-AB19-8986F2E4713F", "vulnerable": true}, {"criteria": "cpe:2.3:a:frostwire:frostwire:6.2.0:build174:*:*:*:desktop:*:*", "matchCriteriaId": "C9FAC4E2-87D5-4AAC-B6A3-9A37CED30C25", "vulnerable": true}, {"criteria": "cpe:2.3:a:frostwire:frostwire:6.2.1:build175:*:*:*:desktop:*:*", "matchCriteriaId": "AB669275-0836-48F9-A74D-FFC4A5E59485", "vulnerable": true}, {"criteria": "cpe:2.3:a:frostwire:frostwire:6.2.2:build176:*:*:*:desktop:*:*", "matchCriteriaId": "FF02652D-4BE6-4FA2-9117-154888570B32", "vulnerable": true}, {"criteria": "cpe:2.3:a:frostwire:frostwire:6.2.3:build177:*:*:*:desktop:*:*", "matchCriteriaId": "4BA148E5-209A-42EF-A723-C054AA8927FC", "vulnerable": true}, {"criteria": "cpe:2.3:a:frostwire:frostwire:6.2.3:build178:*:*:*:desktop:*:*", "matchCriteriaId": "1B6ACE52-5373-4EE7-ACA7-925902434CC6", "vulnerable": true}, {"criteria": "cpe:2.3:a:frostwire:frostwire:6.2.4:build179:*:*:*:desktop:*:*", "matchCriteriaId": "2428B046-09A4-49FF-80C2-DAFB54BD050D", "vulnerable": true}, {"criteria": "cpe:2.3:a:frostwire:frostwire:6.3.0:build180:*:*:*:desktop:*:*", "matchCriteriaId": "244B2B80-43DE-4799-864A-E1677F39C514", "vulnerable": true}, {"criteria": "cpe:2.3:a:frostwire:frostwire:6.3.0:build181:*:*:*:desktop:*:*", "matchCriteriaId": "DA70A608-C3B4-4C4F-823E-B6EEEFD46C2C", "vulnerable": true}, {"criteria": "cpe:2.3:a:frostwire:frostwire:6.3.0:build182:*:*:*:desktop:*:*", "matchCriteriaId": "D3A162B3-6A3F-479D-99B1-4B3DCF74A5CE", "vulnerable": true}, {"criteria": "cpe:2.3:a:frostwire:frostwire:6.3.0:build183:*:*:*:desktop:*:*", "matchCriteriaId": "BDAF2AFD-8616-41FE-844B-40537A44B96B", "vulnerable": true}, {"criteria": "cpe:2.3:a:frostwire:frostwire:6.3.0:build184:*:*:*:desktop:*:*", "matchCriteriaId": "61EEDE0E-E1CF-4F06-9DE8-E5063FBE57AC", "vulnerable": true}, {"criteria": "cpe:2.3:a:frostwire:frostwire:6.3.0:build185:*:*:*:desktop:*:*", "matchCriteriaId": "12820242-D622-49F1-BD41-77D9991634F4", "vulnerable": true}, {"criteria": "cpe:2.3:a:frostwire:frostwire:6.3.1:build186:*:*:*:desktop:*:*", "matchCriteriaId": "CB3F79B1-A811-44F1-B892-6B5DAC65CCAB", "vulnerable": true}, {"criteria": "cpe:2.3:a:frostwire:frostwire:6.3.2:build187:*:*:*:desktop:*:*", "matchCriteriaId": "CF1ADD60-4792-4CC5-A8DC-AB82047EF5EC", "vulnerable": true}, {"criteria": "cpe:2.3:a:frostwire:frostwire:6.3.2:build188:*:*:*:desktop:*:*", "matchCriteriaId": "A1C3ABAC-84D6-4260-96AE-841FCF0ADF20", "vulnerable": true}, {"criteria": "cpe:2.3:a:frostwire:frostwire:6.3.3:build189:*:*:*:desktop:*:*", "matchCriteriaId": "147D0437-6534-4400-A4B1-4BEC9CD0E79F", "vulnerable": true}, {"criteria": "cpe:2.3:a:frostwire:frostwire:6.3.3:build190:*:*:*:desktop:*:*", "matchCriteriaId": "10D3A6E2-8C61-4941-A94D-CB025D5511CF", "vulnerable": true}, {"criteria": "cpe:2.3:a:frostwire:frostwire:6.3.3:build193:*:*:*:desktop:*:*", "matchCriteriaId": "94511687-D237-497E-8B26-79E80D3C6ACB", "vulnerable": true}, {"criteria": "cpe:2.3:a:frostwire:frostwire:6.3.3:build255:*:*:*:desktop:*:*", "matchCriteriaId": "FDE462AA-41A2-4BC5-897F-B013D64C001B", "vulnerable": true}, {"criteria": "cpe:2.3:a:frostwire:frostwire:6.3.4:build193:*:*:*:desktop:*:*", "matchCriteriaId": "232BFF4C-0D70-402D-AE8E-4645C142C503", "vulnerable": true}, {"criteria": "cpe:2.3:a:frostwire:frostwire:6.3.4:build194:*:*:*:desktop:*:*", "matchCriteriaId": "A96B3160-D50B-414F-A446-AD0DB1D0B2FA", "vulnerable": true}, {"criteria": "cpe:2.3:a:frostwire:frostwire:6.3.5:build195:*:*:*:desktop:*:*", "matchCriteriaId": "6A6A5BE2-9293-4F3D-8297-CF7D9DCF178D", "vulnerable": true}, {"criteria": "cpe:2.3:a:frostwire:frostwire:6.3.5:build197:*:*:*:desktop:*:*", "matchCriteriaId": "C49442FC-5201-4D13-9022-AFD2D27BB480", "vulnerable": true}, {"criteria": "cpe:2.3:a:frostwire:frostwire:6.3.5:build198:*:*:*:desktop:*:*", "matchCriteriaId": "DE9C2B90-435D-4506-91D8-A7E1DEC05775", "vulnerable": true}, {"criteria": "cpe:2.3:a:frostwire:frostwire:6.3.6:build201:*:*:*:desktop:*:*", "matchCriteriaId": "0DEF48EB-EF46-42F6-9B93-84A346508251", "vulnerable": true}, {"criteria": "cpe:2.3:a:frostwire:frostwire:6.3.6:build202:*:*:*:desktop:*:*", "matchCriteriaId": "8D8FB038-5DE4-42E1-9D23-DF14D9A35625", "vulnerable": true}, {"criteria": "cpe:2.3:a:frostwire:frostwire:6.3.7:build203:*:*:*:desktop:*:*", "matchCriteriaId": "F698AC23-AB78-4B97-97C3-ED005F626C67", "vulnerable": true}, {"criteria": "cpe:2.3:a:frostwire:frostwire:6.3.7:build204:*:*:*:desktop:*:*", "matchCriteriaId": "5CF77E33-22BC-433B-B8CE-D684189387CA", "vulnerable": true}, {"criteria": "cpe:2.3:a:frostwire:frostwire:6.3.7:build205:*:*:*:desktop:*:*", "matchCriteriaId": "7563D5A0-35D2-453E-B0C4-94BC6DBDBBB2", "vulnerable": true}, {"criteria": "cpe:2.3:a:frostwire:frostwire:6.3.7:build206:*:*:*:desktop:*:*", "matchCriteriaId": "F92400DF-A496-4BC9-8303-942F799463BF", "vulnerable": true}, {"criteria": "cpe:2.3:a:frostwire:frostwire:6.4.0:build207:*:*:*:desktop:*:*", "matchCriteriaId": "84BD1753-CFB2-4552-966D-65B9E467FAB5", "vulnerable": true}, {"criteria": "cpe:2.3:a:frostwire:frostwire:6.4.0:build208:*:*:*:desktop:*:*", "matchCriteriaId": "F4CCE584-55F0-45CE-ADC0-3B764E2E69B8", "vulnerable": true}, {"criteria": "cpe:2.3:a:frostwire:frostwire:6.4.1:build209:*:*:*:desktop:*:*", "matchCriteriaId": "35225390-F59F-40E1-B491-47501ACE2A92", "vulnerable": true}, {"criteria": "cpe:2.3:a:frostwire:frostwire:6.4.1:build210:*:*:*:desktop:*:*", "matchCriteriaId": "0866BDCE-D7A1-467F-8864-A02C96B539E6", "vulnerable": true}, {"criteria": "cpe:2.3:a:frostwire:frostwire:6.4.2:build212:*:*:*:desktop:*:*", "matchCriteriaId": "8BE43E96-49F7-414B-87ED-B4BA28172154", "vulnerable": true}, {"criteria": "cpe:2.3:a:frostwire:frostwire:6.4.3:build214:*:*:*:desktop:*:*", "matchCriteriaId": "5BFC12DE-9570-4090-92BF-4DDD8E860A55", "vulnerable": true}, {"criteria": "cpe:2.3:a:frostwire:frostwire:6.4.4:build215:*:*:*:desktop:*:*", "matchCriteriaId": "7549971B-C972-4B96-8455-7D5C570B7005", "vulnerable": true}, {"criteria": "cpe:2.3:a:frostwire:frostwire:6.4.5:build218:*:*:*:desktop:*:*", "matchCriteriaId": "C3737065-1FE8-4CBE-BA54-5BF3C4798CD2", "vulnerable": true}, {"criteria": "cpe:2.3:a:frostwire:frostwire:6.4.5:build219:*:*:*:desktop:*:*", "matchCriteriaId": "CEA2A8AA-FEDE-4EF9-9445-2A1F739B50C2", "vulnerable": true}, {"criteria": "cpe:2.3:a:frostwire:frostwire:6.4.5:build220:*:*:*:desktop:*:*", "matchCriteriaId": "9400DE0C-BE29-4BB5-AB64-91C720A3E9B0", "vulnerable": true}, {"criteria": "cpe:2.3:a:frostwire:frostwire:6.4.5:build221:*:*:*:desktop:*:*", "matchCriteriaId": "386EF955-2F9A-42EA-BD72-79736A2BF466", "vulnerable": true}, {"criteria": "cpe:2.3:a:frostwire:frostwire:6.4.5:build222:*:*:*:desktop:*:*", "matchCriteriaId": "57A1D356-9D1A-4605-A5E9-2C8CE13A4537", "vulnerable": true}, {"criteria": "cpe:2.3:a:frostwire:frostwire:6.4.6:build223:*:*:*:desktop:*:*", "matchCriteriaId": "EC0A0D7E-CA6B-464C-9372-F4E4505BEE19", "vulnerable": true}, {"criteria": "cpe:2.3:a:frostwire:frostwire:6.4.6:build227:*:*:*:desktop:*:*", "matchCriteriaId": "C1040EA6-6BAE-4570-B483-15D97BA8DF78", "vulnerable": true}, {"criteria": "cpe:2.3:a:frostwire:frostwire:6.4.7:build228:*:*:*:desktop:*:*", "matchCriteriaId": "701FEDD5-7407-4C6D-9802-F1ABCAC48B9F", "vulnerable": true}, {"criteria": "cpe:2.3:a:frostwire:frostwire:6.4.7:build229:*:*:*:desktop:*:*", "matchCriteriaId": "FDCF12B9-25C6-4370-990E-2799DB5EABF8", "vulnerable": true}, {"criteria": "cpe:2.3:a:frostwire:frostwire:6.4.8:build230:*:*:*:desktop:*:*", "matchCriteriaId": "A4356B54-6472-4E45-91A3-F02F3A40975D", "vulnerable": true}, {"criteria": "cpe:2.3:a:frostwire:frostwire:6.4.8:build232:*:*:*:desktop:*:*", "matchCriteriaId": "E6296443-EB65-4284-87B6-FF5E88E2AB88", "vulnerable": true}, {"criteria": "cpe:2.3:a:frostwire:frostwire:6.4.8:build233:*:*:*:desktop:*:*", "matchCriteriaId": "B1AC7EEE-63DF-4562-9BF0-A47F892112F9", "vulnerable": true}, {"criteria": "cpe:2.3:a:frostwire:frostwire:6.4.8:build234:*:*:*:desktop:*:*", "matchCriteriaId": "21CEC55B-4970-4BDB-BCAD-7F3CAFF55764", "vulnerable": true}, {"criteria": "cpe:2.3:a:frostwire:frostwire:6.4.9:build235:*:*:*:desktop:*:*", "matchCriteriaId": "63076BE3-277C-4E58-AE8C-BAE2DFE70E39", "vulnerable": true}, {"criteria": "cpe:2.3:a:frostwire:frostwire:6.5.0:build236:*:*:*:desktop:*:*", "matchCriteriaId": "F5E96164-6326-44D2-8F36-B2715BC62749", "vulnerable": true}, {"criteria": "cpe:2.3:a:frostwire:frostwire:6.5.1:build238:*:*:*:desktop:*:*", "matchCriteriaId": "A868DD7E-E457-4C36-B851-E8276C3119CD", "vulnerable": true}, {"criteria": "cpe:2.3:a:frostwire:frostwire:6.5.2:build239:*:*:*:desktop:*:*", "matchCriteriaId": "E4D6B7ED-7BFD-4322-9378-935DAA0D9577", "vulnerable": true}, {"criteria": "cpe:2.3:a:frostwire:frostwire:6.5.3:build240:*:*:*:desktop:*:*", "matchCriteriaId": "C4EFFE22-22C5-461E-ADD1-78D0A043AC81", "vulnerable": true}, {"criteria": "cpe:2.3:a:frostwire:frostwire:6.5.4:build241:*:*:*:desktop:*:*", "matchCriteriaId": "A895ADA4-F589-4E41-8392-A5FC056FE9BC", "vulnerable": true}, {"criteria": "cpe:2.3:a:frostwire:frostwire:6.5.5:build242:*:*:*:desktop:*:*", "matchCriteriaId": "A1FA458E-DACD-404A-B040-3E09B52CF677", "vulnerable": true}, {"criteria": "cpe:2.3:a:frostwire:frostwire:6.5.5:build243:*:*:*:desktop:*:*", "matchCriteriaId": "E515F51E-9B8F-47D1-8029-187F743E2FDC", "vulnerable": true}, {"criteria": "cpe:2.3:a:frostwire:frostwire:6.5.8:build244:*:*:*:desktop:*:*", "matchCriteriaId": "52674DBB-21F5-47E4-9406-B80CCA2AE023", "vulnerable": true}, {"criteria": "cpe:2.3:a:frostwire:frostwire:6.5.8:build245:*:*:*:desktop:*:*", "matchCriteriaId": "5747F8E5-EA6D-47A7-9930-0D597765B3C0", "vulnerable": true}, {"criteria": "cpe:2.3:a:frostwire:frostwire:6.5.9:build246:*:*:*:desktop:*:*", "matchCriteriaId": "7E96023E-F6FE-41E0-886F-FC24209E2DD1", "vulnerable": true}, {"criteria": "cpe:2.3:a:frostwire:frostwire:6.6.0:build248:*:*:*:desktop:*:*", "matchCriteriaId": "4611DF07-416F-4C03-97FC-5673522667EF", "vulnerable": true}, {"criteria": "cpe:2.3:a:frostwire:frostwire:6.6.1:build249:*:*:*:desktop:*:*", "matchCriteriaId": "E7F1C38C-F67A-4CB8-ADF0-7EA14B26F6D9", "vulnerable": true}, {"criteria": "cpe:2.3:a:frostwire:frostwire:6.6.2:build250:*:*:*:desktop:*:*", "matchCriteriaId": "2958AD44-2388-4C07-80AC-426D639C9953", "vulnerable": true}, {"criteria": "cpe:2.3:a:frostwire:frostwire:6.6.2:build251:*:*:*:desktop:*:*", "matchCriteriaId": "139D0C13-1325-4E2F-B8EB-8261066548BB", "vulnerable": true}, {"criteria": "cpe:2.3:a:frostwire:frostwire:6.6.3:build252:*:*:*:desktop:*:*", "matchCriteriaId": "297375AD-4140-4504-B9D7-3BCDD3BF4986", "vulnerable": true}, {"criteria": "cpe:2.3:a:frostwire:frostwire:6.6.3:build253:*:*:*:desktop:*:*", "matchCriteriaId": "C08F2D26-AE23-4CA1-9EA9-EC82FC8B001E", "vulnerable": true}, {"criteria": "cpe:2.3:a:frostwire:frostwire:6.6.4:build256:*:*:*:desktop:*:*", "matchCriteriaId": "538E483B-8A9E-4B3C-8D78-502656C29A3D", "vulnerable": true}, {"criteria": "cpe:2.3:a:frostwire:frostwire:6.6.5:build257:*:*:*:desktop:*:*", "matchCriteriaId": "07053E7A-6D11-4568-AFBE-EAA343EE9A06", "vulnerable": true}, {"criteria": "cpe:2.3:a:frostwire:frostwire:6.6.6:build258:*:*:*:desktop:*:*", "matchCriteriaId": "23CEE5E2-6F93-4688-8C62-E4F31F118DB2", "vulnerable": true}, {"criteria": "cpe:2.3:a:frostwire:frostwire:6.6.7:build529:*:*:*:desktop:*:*", "matchCriteriaId": "569DC93E-D759-4861-BE9E-0F8AD3399A73", "vulnerable": true}, {"criteria": "cpe:2.3:a:frostwire:frostwire:6.6.8:build260:*:*:*:desktop:*:*", "matchCriteriaId": "41C6B5E5-F11A-4F58-BA53-EF488EABA454", "vulnerable": true}, {"criteria": "cpe:2.3:a:frostwire:frostwire:6.7.0:build261:*:*:*:desktop:*:*", "matchCriteriaId": "82CF7542-D0EB-44E4-AD4C-6CE303CA1375", "vulnerable": true}, {"criteria": "cpe:2.3:a:frostwire:frostwire:6.7.0:build262:*:*:*:desktop:*:*", "matchCriteriaId": "B58AADCC-CD14-46AB-AD56-99443B0800EB", "vulnerable": true}, {"criteria": "cpe:2.3:a:frostwire:frostwire:6.7.0:build264:*:*:*:desktop:*:*", "matchCriteriaId": "DCF68BCA-710F-4342-B4DE-8E58EB83C15E", "vulnerable": true}, {"criteria": "cpe:2.3:a:frostwire:frostwire:6.7.0:build265hotfix:*:*:*:desktop:*:*", "matchCriteriaId": "68042A96-F268-47B3-9CDE-4EF2757AB912", "vulnerable": true}, {"criteria": "cpe:2.3:a:frostwire:frostwire:6.7.1:build266:*:*:*:desktop:*:*", "matchCriteriaId": "6DA329F1-B718-4E42-AF02-C057EAB7C240", "vulnerable": true}, {"criteria": "cpe:2.3:a:frostwire:frostwire:6.7.1:build267:*:*:*:desktop:*:*", "matchCriteriaId": "3BB8E411-78E1-4213-8E86-6FADF3AC6B35", "vulnerable": true}, {"criteria": "cpe:2.3:a:frostwire:frostwire:6.7.1:build268:*:*:*:desktop:*:*", "matchCriteriaId": "ACFCCFA4-F31D-475F-991E-5EEFBE914EF7", "vulnerable": true}, {"criteria": "cpe:2.3:a:frostwire:frostwire:6.7.2:build269:*:*:*:desktop:*:*", "matchCriteriaId": "EA14ECAA-FC1C-4683-8E09-35ABFB8CEAF5", "vulnerable": true}, {"criteria": "cpe:2.3:a:frostwire:frostwire:6.7.2:build270:*:*:*:desktop:*:*", "matchCriteriaId": "ED3B979C-11EF-4711-96F8-3D467285CB7E", "vulnerable": true}, {"criteria": "cpe:2.3:a:frostwire:frostwire:6.7.3:build271:*:*:*:desktop:*:*", "matchCriteriaId": "984D575B-CC5D-4F86-87BE-E5ECE078BF62", "vulnerable": true}, {"criteria": "cpe:2.3:a:frostwire:frostwire:6.7.4:build272:*:*:*:desktop:*:*", "matchCriteriaId": "E7C9A213-47AE-456F-812E-4B80F2D62162", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "FrostWire version <= frostwire-desktop-6.7.4-build-272 contains a XML External Entity (XXE) vulnerability in Man in the middle on update that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This attack appear to be exploitable via Man in the middle the call to update the software."}, {"lang": "es", "value": "FrostWire, en versiones iguales o anteriores a la frostwire-desktop-6.7.4-build-272, contiene una vulnerabilidad de XEE (XML External Entity) en modo Man-in-the-Middle (MitM) en las actualizaciones que puede resultar en la divulgaci\u00f3n de datos confidenciales, una denegaci\u00f3n de servicio (DoS), Server-Side Request Forgery (SSRF) o el escaneo de puertos. El ataque parece ser explotable mediante un Man-in-the-Middle (MitM) en una llamada para actualizar el software."}], "id": "CVE-2018-1000828", "lastModified": "2024-11-21T03:40:26.527", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-12-20T15:29:01.190", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://0dd.zone/2018/10/28/frostwire-XXE-MitM/"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://github.com/frostwire/frostwire/issues/829"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://0dd.zone/2018/10/28/frostwire-XXE-MitM/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://github.com/frostwire/frostwire/issues/829"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-611"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}