CVE-2018-20587

Bitcoin Core 0.12.0 through 0.17.1 and Bitcoin Knots 0.12.0 through 0.17.x before 0.17.1.knots20181229 have Incorrect Access Control. Local users can exploit this to steal currency by binding the RPC IPv4 localhost port, and forwarding requests to the IPv6 localhost port.

Published : 2019-02-11 12:29 Updated : 2019-02-21 16:28

2.1
CVSS Score More info
Score 2.1 / 10
2.1

CPE

There is no CPE for this CVE.

CWE

ID Name Description Links
CWE-284 Improper Access Control The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor. CVE

History of changes

Date Event
2019-02-21 16:28
2019-02-11 12:29

New CVE