|Number of vulnerabilities||1|
|CVE ID|| CVE-2018-1000858
|Vulnerable software versions||
The vulnerability allows a remote attacker to perform cross-site request forgery attacks.
The vulnerability exists due to insufficient validation of the HTTP request origin within dirmngr. A remote attacker can trick the victim to perform a WKD request (enter an email address in the composer window of Thunderbird/Enigmail) and perform arbitrary actions on behalf of the victim.Remediation
Update the affected packages.