CVE-2020-10937

{"id": "CVE-2020-10937", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2020-11-02T21:15:21.100", "references": [{"url": "https://blog.ipfs.io/2020-10-30-dht-hardening/", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://graz.pure.elsevier.com/en/publications/total-eclipse-of-the-heart-disrupting-the-interplanetary-file-sys", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://blog.ipfs.io/2020-10-30-dht-hardening/", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://graz.pure.elsevier.com/en/publications/total-eclipse-of-the-heart-disrupting-the-interplanetary-file-sys", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in IPFS (aka go-ipfs) 0.4.23. An attacker can generate ephemeral identities (Sybils) and leverage the IPFS connection management reputation system to poison other nodes' routing tables, eclipsing the nodes that are the target of the attack from the rest of the network. Later versions, in particular go-ipfs 0.7, mitigate this."}, {"lang": "es", "value": "Se detect\u00f3 un problema en IPFS (tambi\u00e9n se conoce como go-ipfs) versi\u00f3n 0.4.23. Un atacante puede generar identidades ef\u00edmeras (Sybils) y aprovechar el sistema de reputaci\u00f3n de la administraci\u00f3n de conexiones IPFS para envenenar las tablas de enrutamiento de otros nodos, eclipsando los nodos que son el objetivo del ataque del resto de la red. Las versiones posteriores, en particular go-ipfs versi\u00f3n 0.7, mitigan esto"}], "lastModified": "2024-11-21T04:56:24.607", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:protocol:ipfs:0.4.23:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2BB84C55-922B-4F34-B682-21F966C5F22A"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}