Risk | Low |
Patch available | YES |
Number of vulnerabilities | 3 |
CVE-ID | CVE-2023-40257, CVE-2023-40258, CVE-2023-40259 |
CWE-ID | CWE-254 |
Exploitation vector | Local |
Public exploit | N/A |
Vulnerable software | Bitcoin Knots (Server applications / Other server solutions) |
Vendor | Bitcoin Knots |
Security Bulletin
This security bulletin contains information about 3 vulnerabilities.
EUVDB-ID: #VU84356
Risk: Low
CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-40257
CWE-ID: CWE-254 - Security Features
Exploit availability: No
Description
The vulnerability allows a local user to bypass implemented security restrictions.
The vulnerability exists due to an unspecified error in the extended rpcauth wallet-restriction syntax, which is intended to enable semi-trusted local applications using the Bitcoin Knots API to access only specific wallets and not others. A local user can bypass implemented security restrictions.
Install updates from the vendor's website.
Vulnerable software versions
Bitcoin Knots: 0.12.0 - 23.0
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU84357
Risk: Low
CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-40258
CWE-ID: CWE-254 - Security Features
Exploit availability: No
Description
The vulnerability allows a local user to bypass implemented security restrictions.
The vulnerability exists due to an unspecified error in the extended rpcauth wallet-restriction syntax, which is intended to enable semi-trusted local applications using the Bitcoin Knots API to access only specific wallets and not others. A local user can bypass implemented security restrictions.
Install updates from the vendor's website.
Vulnerable software versions
Bitcoin Knots: 0.12.0 - 23.0
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU84358
Risk: Low
CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-40259
CWE-ID: CWE-254 - Security Features
Exploit availability: No
Description
The vulnerability allows a local user to bypass implemented security restrictions.
The vulnerability exists due to an unspecified error in the extended rpcauth wallet-restriction syntax, which is intended to enable semi-trusted local applications using the Bitcoin Knots API to access only specific wallets and not others. A local user can bypass implemented security restrictions.
Install updates from the vendor's website.
Vulnerable software versions
Bitcoin Knots: 0.12.0 - 23.0
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.