Search for vulnerabilities
Vulnerability details: VCID-ased-nxvr-aaaq
Vulnerability ID VCID-ased-nxvr-aaaq
Aliases CVE-2012-4430
Summary The dump_resource function in dird/dird_conf.c in Bacula before 5.2.11 does not properly enforce ACL rules, which allows remote authenticated users to obtain resource dump information via unspecified vectors.
Status Published
Exploitability 0.5
Weighted Severity 3.6
Risk 1.8
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-264 Permissions, Privileges, and Access Controls
System Score Found at
generic_textual Low http://people.canonical.com/~ubuntu-security/cve/2012/CVE-2012-4430.html
epss 0.00177 https://api.first.org/data/v1/epss?cve=CVE-2012-4430
epss 0.00177 https://api.first.org/data/v1/epss?cve=CVE-2012-4430
epss 0.00177 https://api.first.org/data/v1/epss?cve=CVE-2012-4430
epss 0.00177 https://api.first.org/data/v1/epss?cve=CVE-2012-4430
epss 0.00177 https://api.first.org/data/v1/epss?cve=CVE-2012-4430
epss 0.00177 https://api.first.org/data/v1/epss?cve=CVE-2012-4430
epss 0.00177 https://api.first.org/data/v1/epss?cve=CVE-2012-4430
epss 0.00177 https://api.first.org/data/v1/epss?cve=CVE-2012-4430
epss 0.00177 https://api.first.org/data/v1/epss?cve=CVE-2012-4430
epss 0.00177 https://api.first.org/data/v1/epss?cve=CVE-2012-4430
epss 0.00177 https://api.first.org/data/v1/epss?cve=CVE-2012-4430
epss 0.00177 https://api.first.org/data/v1/epss?cve=CVE-2012-4430
epss 0.00280 https://api.first.org/data/v1/epss?cve=CVE-2012-4430
epss 0.00280 https://api.first.org/data/v1/epss?cve=CVE-2012-4430
epss 0.00280 https://api.first.org/data/v1/epss?cve=CVE-2012-4430
epss 0.00280 https://api.first.org/data/v1/epss?cve=CVE-2012-4430
epss 0.00607 https://api.first.org/data/v1/epss?cve=CVE-2012-4430
epss 0.00607 https://api.first.org/data/v1/epss?cve=CVE-2012-4430
epss 0.00607 https://api.first.org/data/v1/epss?cve=CVE-2012-4430
epss 0.00607 https://api.first.org/data/v1/epss?cve=CVE-2012-4430
epss 0.00607 https://api.first.org/data/v1/epss?cve=CVE-2012-4430
epss 0.00607 https://api.first.org/data/v1/epss?cve=CVE-2012-4430
epss 0.00607 https://api.first.org/data/v1/epss?cve=CVE-2012-4430
epss 0.00607 https://api.first.org/data/v1/epss?cve=CVE-2012-4430
epss 0.00607 https://api.first.org/data/v1/epss?cve=CVE-2012-4430
epss 0.00607 https://api.first.org/data/v1/epss?cve=CVE-2012-4430
epss 0.00607 https://api.first.org/data/v1/epss?cve=CVE-2012-4430
epss 0.00607 https://api.first.org/data/v1/epss?cve=CVE-2012-4430
epss 0.00607 https://api.first.org/data/v1/epss?cve=CVE-2012-4430
epss 0.00607 https://api.first.org/data/v1/epss?cve=CVE-2012-4430
epss 0.00607 https://api.first.org/data/v1/epss?cve=CVE-2012-4430
epss 0.00607 https://api.first.org/data/v1/epss?cve=CVE-2012-4430
epss 0.00607 https://api.first.org/data/v1/epss?cve=CVE-2012-4430
epss 0.00607 https://api.first.org/data/v1/epss?cve=CVE-2012-4430
epss 0.00607 https://api.first.org/data/v1/epss?cve=CVE-2012-4430
epss 0.00607 https://api.first.org/data/v1/epss?cve=CVE-2012-4430
epss 0.00607 https://api.first.org/data/v1/epss?cve=CVE-2012-4430
epss 0.00607 https://api.first.org/data/v1/epss?cve=CVE-2012-4430
epss 0.00607 https://api.first.org/data/v1/epss?cve=CVE-2012-4430
epss 0.00607 https://api.first.org/data/v1/epss?cve=CVE-2012-4430
epss 0.00607 https://api.first.org/data/v1/epss?cve=CVE-2012-4430
epss 0.00607 https://api.first.org/data/v1/epss?cve=CVE-2012-4430
epss 0.00607 https://api.first.org/data/v1/epss?cve=CVE-2012-4430
epss 0.00607 https://api.first.org/data/v1/epss?cve=CVE-2012-4430
epss 0.00607 https://api.first.org/data/v1/epss?cve=CVE-2012-4430
epss 0.00607 https://api.first.org/data/v1/epss?cve=CVE-2012-4430
epss 0.00607 https://api.first.org/data/v1/epss?cve=CVE-2012-4430
epss 0.00607 https://api.first.org/data/v1/epss?cve=CVE-2012-4430
epss 0.00607 https://api.first.org/data/v1/epss?cve=CVE-2012-4430
epss 0.00607 https://api.first.org/data/v1/epss?cve=CVE-2012-4430
epss 0.00607 https://api.first.org/data/v1/epss?cve=CVE-2012-4430
epss 0.00607 https://api.first.org/data/v1/epss?cve=CVE-2012-4430
epss 0.00607 https://api.first.org/data/v1/epss?cve=CVE-2012-4430
epss 0.00607 https://api.first.org/data/v1/epss?cve=CVE-2012-4430
epss 0.00607 https://api.first.org/data/v1/epss?cve=CVE-2012-4430
epss 0.00607 https://api.first.org/data/v1/epss?cve=CVE-2012-4430
epss 0.00607 https://api.first.org/data/v1/epss?cve=CVE-2012-4430
epss 0.00607 https://api.first.org/data/v1/epss?cve=CVE-2012-4430
epss 0.00607 https://api.first.org/data/v1/epss?cve=CVE-2012-4430
epss 0.00607 https://api.first.org/data/v1/epss?cve=CVE-2012-4430
epss 0.00607 https://api.first.org/data/v1/epss?cve=CVE-2012-4430
epss 0.00607 https://api.first.org/data/v1/epss?cve=CVE-2012-4430
epss 0.00607 https://api.first.org/data/v1/epss?cve=CVE-2012-4430
epss 0.00607 https://api.first.org/data/v1/epss?cve=CVE-2012-4430
epss 0.00607 https://api.first.org/data/v1/epss?cve=CVE-2012-4430
epss 0.00607 https://api.first.org/data/v1/epss?cve=CVE-2012-4430
epss 0.00607 https://api.first.org/data/v1/epss?cve=CVE-2012-4430
epss 0.00607 https://api.first.org/data/v1/epss?cve=CVE-2012-4430
epss 0.00607 https://api.first.org/data/v1/epss?cve=CVE-2012-4430
epss 0.00607 https://api.first.org/data/v1/epss?cve=CVE-2012-4430
epss 0.00607 https://api.first.org/data/v1/epss?cve=CVE-2012-4430
epss 0.00607 https://api.first.org/data/v1/epss?cve=CVE-2012-4430
epss 0.00607 https://api.first.org/data/v1/epss?cve=CVE-2012-4430
epss 0.00607 https://api.first.org/data/v1/epss?cve=CVE-2012-4430
epss 0.00607 https://api.first.org/data/v1/epss?cve=CVE-2012-4430
epss 0.00607 https://api.first.org/data/v1/epss?cve=CVE-2012-4430
epss 0.00607 https://api.first.org/data/v1/epss?cve=CVE-2012-4430
epss 0.00607 https://api.first.org/data/v1/epss?cve=CVE-2012-4430
epss 0.00607 https://api.first.org/data/v1/epss?cve=CVE-2012-4430
epss 0.00607 https://api.first.org/data/v1/epss?cve=CVE-2012-4430
epss 0.00607 https://api.first.org/data/v1/epss?cve=CVE-2012-4430
epss 0.00607 https://api.first.org/data/v1/epss?cve=CVE-2012-4430
epss 0.00607 https://api.first.org/data/v1/epss?cve=CVE-2012-4430
epss 0.00607 https://api.first.org/data/v1/epss?cve=CVE-2012-4430
epss 0.00607 https://api.first.org/data/v1/epss?cve=CVE-2012-4430
epss 0.00607 https://api.first.org/data/v1/epss?cve=CVE-2012-4430
epss 0.00607 https://api.first.org/data/v1/epss?cve=CVE-2012-4430
epss 0.0161 https://api.first.org/data/v1/epss?cve=CVE-2012-4430
rhbs low https://bugzilla.redhat.com/show_bug.cgi?id=857955
generic_textual Low https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4430
cvssv2 4.0 https://nvd.nist.gov/vuln/detail/CVE-2012-4430
generic_textual Low http://www.bacula.org/git/cgit.cgi/bacula/commit/?id=67debcecd3d530c429e817e1d778e79dcd1db905
Reference id Reference type URL
http://people.canonical.com/~ubuntu-security/cve/2012/CVE-2012-4430.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4430.json
https://api.first.org/data/v1/epss?cve=CVE-2012-4430
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4430
http://secunia.com/advisories/50535
http://secunia.com/advisories/50808
http://sourceforge.net/projects/bacula/files/bacula/5.2.12/ReleaseNotes/view
http://www.bacula.org/en/?page=news
http://www.bacula.org/git/cgit.cgi/bacula/commit/?id=67debcecd3d530c429e817e1d778e79dcd1db905
http://www.debian.org/security/2012/dsa-2558
http://www.mandriva.com/security/advisories?name=MDVSA-2012:166
http://www.openwall.com/lists/oss-security/2012/09/14/11
http://www.openwall.com/lists/oss-security/2012/09/14/12
http://www.openwall.com/lists/oss-security/2012/09/15/2
http://www.securityfocus.com/bid/55505
687923 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=687923
857955 https://bugzilla.redhat.com/show_bug.cgi?id=857955
cpe:2.3:a:bacula:bacula:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bacula:bacula:*:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
CVE-2012-4430 https://nvd.nist.gov/vuln/detail/CVE-2012-4430
GLSA-201405-11 https://security.gentoo.org/glsa/201405-11
No exploits are available.
Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2012-4430
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.55527
EPSS Score 0.00177
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.