CVE-2000-0680
Summary
| CVE | CVE-2000-0680 |
|---|---|
| State | PUBLISHED |
| Assigner | mitre |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2000-10-20 04:00:00 UTC |
| Updated | 2025-04-03 01:03:51 UTC |
| Description | The CVS 1.10.8 server does not properly restrict users from creating arbitrary Checkin.prog or Update.prog programs, which allows remote CVS committers to modify or create Trojan horse programs with the Checkin.prog or Update.prog names, then performing a CVS commit action. |
Risk And Classification
Primary CVSS: v2.0 7.2 from [email protected]
AV:L/AC:L/Au:N/C:C/I:C/A:C
Problem Types: NVD-CWE-Other | n/a
CVSS v2.0 Breakdown
Access Vector
LocalAccess Complexity
LowAuthentication
NoneConfidentiality
CompleteIntegrity
CompleteAvailability
CompleteAV:L/AC:L/Au:N/C:C/I:C/A:C
NVD Known Affected Configurations (CPE 2.3)
Vendor Declared Affected Products
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Document Not Found | af854a3a-2127-422b-91ae-364da2661108 | www.securityfocus.com | Exploit, Vendor Advisory |
| CVS Checkin.prog Binary Execution Vulnerability | af854a3a-2127-422b-91ae-364da2661108 | www.securityfocus.com | Exploit, Patch, Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.