VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-f7z6-jm9f-aaap

Essentials
Severities (110)
References (45)
Severity details (41)
Exploits (0)
EPSS
History (0)

Vulnerability ID	VCID-f7z6-jm9f-aaap
Aliases	CVE-2019-6690 GHSA-2fch-jvg5-crf6 GHSA-qh62-ch95-63wh PYSEC-2019-115 PYSEC-2019-45
Summary	python-gnupg 0.4.3 allows context-dependent attackers to trick gnupg to decrypt other ciphertext than intended. To perform the attack, the passphrase to gnupg must be controlled by the adversary and the ciphertext should be trusted. Related to a "CWE-20: Improper Input Validation" issue affecting the affect functionality component.
Status	Published
Exploitability	0.5
Weighted Severity	8.0
Risk	4.0
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-20	Improper Input Validation
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
cvssv3.1	7.5	http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00008.html
generic_textual	HIGH	http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00008.html
cvssv3.1	7.5	http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00058.html
generic_textual	HIGH	http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00058.html
cvssv3.1	7.5	http://packetstormsecurity.com/files/151341/Python-GnuPG-0.4.3-Improper-Input-Validation.html
generic_textual	HIGH	http://packetstormsecurity.com/files/151341/Python-GnuPG-0.4.3-Improper-Input-Validation.html
generic_textual	Medium	http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-6690.html
cvssv3	7.5	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-6690.json
epss	0.01419	https://api.first.org/data/v1/epss?cve=CVE-2019-6690
epss	0.01419	https://api.first.org/data/v1/epss?cve=CVE-2019-6690
epss	0.01419	https://api.first.org/data/v1/epss?cve=CVE-2019-6690
epss	0.01419	https://api.first.org/data/v1/epss?cve=CVE-2019-6690
epss	0.01419	https://api.first.org/data/v1/epss?cve=CVE-2019-6690
epss	0.01419	https://api.first.org/data/v1/epss?cve=CVE-2019-6690
epss	0.01419	https://api.first.org/data/v1/epss?cve=CVE-2019-6690
epss	0.01419	https://api.first.org/data/v1/epss?cve=CVE-2019-6690
epss	0.01419	https://api.first.org/data/v1/epss?cve=CVE-2019-6690
epss	0.01419	https://api.first.org/data/v1/epss?cve=CVE-2019-6690
epss	0.01419	https://api.first.org/data/v1/epss?cve=CVE-2019-6690
epss	0.01419	https://api.first.org/data/v1/epss?cve=CVE-2019-6690
epss	0.01446	https://api.first.org/data/v1/epss?cve=CVE-2019-6690
epss	0.01446	https://api.first.org/data/v1/epss?cve=CVE-2019-6690
epss	0.01446	https://api.first.org/data/v1/epss?cve=CVE-2019-6690
epss	0.01446	https://api.first.org/data/v1/epss?cve=CVE-2019-6690
epss	0.18035	https://api.first.org/data/v1/epss?cve=CVE-2019-6690
epss	0.18035	https://api.first.org/data/v1/epss?cve=CVE-2019-6690
epss	0.18035	https://api.first.org/data/v1/epss?cve=CVE-2019-6690
epss	0.18035	https://api.first.org/data/v1/epss?cve=CVE-2019-6690
epss	0.18035	https://api.first.org/data/v1/epss?cve=CVE-2019-6690
epss	0.22008	https://api.first.org/data/v1/epss?cve=CVE-2019-6690
epss	0.22008	https://api.first.org/data/v1/epss?cve=CVE-2019-6690
epss	0.22008	https://api.first.org/data/v1/epss?cve=CVE-2019-6690
epss	0.22008	https://api.first.org/data/v1/epss?cve=CVE-2019-6690
epss	0.22008	https://api.first.org/data/v1/epss?cve=CVE-2019-6690
epss	0.22008	https://api.first.org/data/v1/epss?cve=CVE-2019-6690
epss	0.22008	https://api.first.org/data/v1/epss?cve=CVE-2019-6690
epss	0.22008	https://api.first.org/data/v1/epss?cve=CVE-2019-6690
epss	0.22008	https://api.first.org/data/v1/epss?cve=CVE-2019-6690
epss	0.22008	https://api.first.org/data/v1/epss?cve=CVE-2019-6690
epss	0.22008	https://api.first.org/data/v1/epss?cve=CVE-2019-6690
epss	0.22008	https://api.first.org/data/v1/epss?cve=CVE-2019-6690
epss	0.22008	https://api.first.org/data/v1/epss?cve=CVE-2019-6690
epss	0.22008	https://api.first.org/data/v1/epss?cve=CVE-2019-6690
epss	0.22008	https://api.first.org/data/v1/epss?cve=CVE-2019-6690
epss	0.22008	https://api.first.org/data/v1/epss?cve=CVE-2019-6690
epss	0.22008	https://api.first.org/data/v1/epss?cve=CVE-2019-6690
epss	0.22008	https://api.first.org/data/v1/epss?cve=CVE-2019-6690
epss	0.22008	https://api.first.org/data/v1/epss?cve=CVE-2019-6690
epss	0.22008	https://api.first.org/data/v1/epss?cve=CVE-2019-6690
epss	0.22008	https://api.first.org/data/v1/epss?cve=CVE-2019-6690
epss	0.22008	https://api.first.org/data/v1/epss?cve=CVE-2019-6690
epss	0.22008	https://api.first.org/data/v1/epss?cve=CVE-2019-6690
epss	0.22008	https://api.first.org/data/v1/epss?cve=CVE-2019-6690
epss	0.22008	https://api.first.org/data/v1/epss?cve=CVE-2019-6690
epss	0.22008	https://api.first.org/data/v1/epss?cve=CVE-2019-6690
epss	0.22008	https://api.first.org/data/v1/epss?cve=CVE-2019-6690
epss	0.22008	https://api.first.org/data/v1/epss?cve=CVE-2019-6690
epss	0.22008	https://api.first.org/data/v1/epss?cve=CVE-2019-6690
epss	0.22008	https://api.first.org/data/v1/epss?cve=CVE-2019-6690
epss	0.22008	https://api.first.org/data/v1/epss?cve=CVE-2019-6690
epss	0.22008	https://api.first.org/data/v1/epss?cve=CVE-2019-6690
epss	0.22008	https://api.first.org/data/v1/epss?cve=CVE-2019-6690
epss	0.22008	https://api.first.org/data/v1/epss?cve=CVE-2019-6690
epss	0.22008	https://api.first.org/data/v1/epss?cve=CVE-2019-6690
epss	0.23869	https://api.first.org/data/v1/epss?cve=CVE-2019-6690
epss	0.23869	https://api.first.org/data/v1/epss?cve=CVE-2019-6690
epss	0.23869	https://api.first.org/data/v1/epss?cve=CVE-2019-6690
epss	0.23869	https://api.first.org/data/v1/epss?cve=CVE-2019-6690
epss	0.23869	https://api.first.org/data/v1/epss?cve=CVE-2019-6690
epss	0.23869	https://api.first.org/data/v1/epss?cve=CVE-2019-6690
epss	0.23869	https://api.first.org/data/v1/epss?cve=CVE-2019-6690
epss	0.23869	https://api.first.org/data/v1/epss?cve=CVE-2019-6690
epss	0.23869	https://api.first.org/data/v1/epss?cve=CVE-2019-6690
epss	0.24588	https://api.first.org/data/v1/epss?cve=CVE-2019-6690
epss	0.24588	https://api.first.org/data/v1/epss?cve=CVE-2019-6690
epss	0.24945	https://api.first.org/data/v1/epss?cve=CVE-2019-6690
generic_textual	MODERATE	https://bitbucket.org/vinay.sajip/python-gnupg/commits/1a5196800604c05f9e347110b4ecca538ba68cdc
cvssv3.1	7.5	https://blog.hackeriet.no/cve-2019-6690-python-gnupg-vulnerability
generic_textual	HIGH	https://blog.hackeriet.no/cve-2019-6690-python-gnupg-vulnerability
rhbs	medium	https://bugzilla.redhat.com/show_bug.cgi?id=1670364
generic_textual	Medium	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6690
cvssv3.1_qr	HIGH	https://github.com/advisories/GHSA-2fch-jvg5-crf6
cvssv3.1_qr	MODERATE	https://github.com/advisories/GHSA-qh62-ch95-63wh
generic_textual	MODERATE	https://github.com/pypa/advisory-database/tree/main/vulns/python-gnupg/PYSEC-2019-115.yaml
generic_textual	Medium	https://github.com/stigtsp/CVE-2019-6690-python-gnupg-vulnerability
generic_textual	Medium	https://github.com/vsajip/python-gnupg/commit/3003b654ca1c29b0510a54b9848571b3ad57df19#diff-88b99bb28683bd5b7e3a204826ead112
generic_textual	Medium	https://github.com/vsajip/python-gnupg/commit/39eca266dd837e2ad89c94eb17b7a6f50b25e7cf#diff-88b99bb28683bd5b7e3a204826ead112
cvssv3.1	7.5	https://lists.debian.org/debian-lts-announce/2019/02/msg00021.html
generic_textual	HIGH	https://lists.debian.org/debian-lts-announce/2019/02/msg00021.html
cvssv3.1	7.5	https://lists.debian.org/debian-lts-announce/2021/12/msg00027.html
generic_textual	HIGH	https://lists.debian.org/debian-lts-announce/2021/12/msg00027.html
cvssv3.1	7.5	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3WMV6XNPPL3VB3RQRFFOBCJ3AGWC4K47
generic_textual	HIGH	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3WMV6XNPPL3VB3RQRFFOBCJ3AGWC4K47
cvssv3.1	7.5	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W6KYZMN2PWXY4ENZVJUVTGFBVYEVY7II
generic_textual	HIGH	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W6KYZMN2PWXY4ENZVJUVTGFBVYEVY7II
cvssv3.1	7.5	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X4VFRUG56542LTYK4444TPJBGR57MT25
generic_textual	HIGH	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X4VFRUG56542LTYK4444TPJBGR57MT25
cvssv2	5.0	https://nvd.nist.gov/vuln/detail/CVE-2019-6690
cvssv3	7.5	https://nvd.nist.gov/vuln/detail/CVE-2019-6690
cvssv3.1	7.5	https://nvd.nist.gov/vuln/detail/CVE-2019-6690
cvssv3.1	7.5	https://pypi.org/project/python-gnupg/#history
generic_textual	HIGH	https://pypi.org/project/python-gnupg/#history
cvssv3.1	7.5	https://seclists.org/bugtraq/2019/Jan/41
generic_textual	HIGH	https://seclists.org/bugtraq/2019/Jan/41
generic_textual	Medium	https://ubuntu.com/security/notices/USN-3964-1
cvssv3.1	7.5	https://usn.ubuntu.com/3964-1
generic_textual	HIGH	https://usn.ubuntu.com/3964-1
cvssv3.1	7.5	https://web.archive.org/web/20200227091727/http://www.securityfocus.com/bid/106756
generic_textual	HIGH	https://web.archive.org/web/20200227091727/http://www.securityfocus.com/bid/106756
generic_textual	MODERATE	http://www.securityfocus.com/bid/106756

Reference id	Reference type	URL
		http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00008.html
		http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00058.html
		http://packetstormsecurity.com/files/151341/Python-GnuPG-0.4.3-Improper-Input-Validation.html
		http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-6690.html
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-6690.json
		https://api.first.org/data/v1/epss?cve=CVE-2019-6690
		https://bitbucket.org/vinay.sajip/python-gnupg/commits/1a5196800604c05f9e347110b4ecca538ba68cdc
		https://blog.hackeriet.no/cve-2019-6690-python-gnupg-vulnerability
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6690
		https://cwe.mitre.org/data/definitions/20.html
		https://github.com/pypa/advisory-database/tree/main/vulns/python-gnupg/PYSEC-2019-115.yaml
		https://github.com/stigtsp/CVE-2019-6690-python-gnupg-vulnerability
		https://github.com/vsajip/python-gnupg/commit/3003b654ca1c29b0510a54b9848571b3ad57df19#diff-88b99bb28683bd5b7e3a204826ead112
		https://github.com/vsajip/python-gnupg/commit/39eca266dd837e2ad89c94eb17b7a6f50b25e7cf#diff-88b99bb28683bd5b7e3a204826ead112
		https://lists.debian.org/debian-lts-announce/2019/02/msg00021.html
		https://lists.debian.org/debian-lts-announce/2021/12/msg00027.html
		https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3WMV6XNPPL3VB3RQRFFOBCJ3AGWC4K47/
		https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W6KYZMN2PWXY4ENZVJUVTGFBVYEVY7II/
		https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X4VFRUG56542LTYK4444TPJBGR57MT25/
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3WMV6XNPPL3VB3RQRFFOBCJ3AGWC4K47
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3WMV6XNPPL3VB3RQRFFOBCJ3AGWC4K47/
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W6KYZMN2PWXY4ENZVJUVTGFBVYEVY7II
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W6KYZMN2PWXY4ENZVJUVTGFBVYEVY7II/
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X4VFRUG56542LTYK4444TPJBGR57MT25
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X4VFRUG56542LTYK4444TPJBGR57MT25/
		https://pypi.org/project/python-gnupg/#history
		https://seclists.org/bugtraq/2019/Jan/41
		https://ubuntu.com/security/notices/USN-3964-1
		https://usn.ubuntu.com/3964-1
		https://usn.ubuntu.com/3964-1/
		https://web.archive.org/web/20200227091727/http://www.securityfocus.com/bid/106756
		http://www.securityfocus.com/bid/106756
1670364		https://bugzilla.redhat.com/show_bug.cgi?id=1670364
cpe:2.3:a:python:python-gnupg:0.4.3:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:python-gnupg:0.4.3:::::::*
cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
cpe:2.3:o:canonical:ubuntu_linux:18.10:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:::::::*
cpe:2.3:o:canonical:ubuntu_linux:19.04:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:19.04:::::::*
cpe:2.3:o:debian:debian_linux:8.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*
cpe:2.3:o:debian:debian_linux:9.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*
cpe:2.3:o:opensuse:leap:15.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.0:::::::*
CVE-2019-6690		https://nvd.nist.gov/vuln/detail/CVE-2019-6690
CVE-2019-6690-PYTHON-GNUPG-VULNERABILITY		https://blog.hackeriet.no/cve-2019-6690-python-gnupg-vulnerability/
GHSA-2fch-jvg5-crf6		https://github.com/advisories/GHSA-2fch-jvg5-crf6
GHSA-qh62-ch95-63wh		https://github.com/advisories/GHSA-qh62-ch95-63wh
USN-USN-4839-1		https://usn.ubuntu.com/USN-4839-1/

No exploits are available.

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00008.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00058.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at http://packetstormsecurity.com/files/151341/Python-GnuPG-0.4.3-Improper-Input-Validation.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-6690.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://blog.hackeriet.no/cve-2019-6690-python-gnupg-vulnerability

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://lists.debian.org/debian-lts-announce/2019/02/msg00021.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://lists.debian.org/debian-lts-announce/2021/12/msg00027.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3WMV6XNPPL3VB3RQRFFOBCJ3AGWC4K47

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W6KYZMN2PWXY4ENZVJUVTGFBVYEVY7II

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X4VFRUG56542LTYK4444TPJBGR57MT25

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2019-6690

Exploitability (E)	Access Vector (AV)	Access Complexity (AC)	Authentication (Au)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
high functional unproven proof_of_concept not_defined	local adjacent_network network	high medium low	multiple single none	none partial complete	none partial complete	none partial complete

Exploitability (E)

Access Vector (AV)

Access Complexity (AC)

Authentication (Au)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

partial

complete

none

partial

complete

none

partial

complete

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2019-6690

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2019-6690

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://pypi.org/project/python-gnupg/#history

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://seclists.org/bugtraq/2019/Jan/41

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://usn.ubuntu.com/3964-1

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://web.archive.org/web/20200227091727/http://www.securityfocus.com/bid/106756

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.86910
EPSS Score	0.01419
Published At	Nov. 1, 2024, midnight

Date	Actor	Action	Source	VulnerableCode Version
There are no relevant records.