HIGH🇵🇱 Wersja polska

CVE-2013-2100

CVSS 9.3v2.0pub. 2014-09-29upd. 2026-05-06

The urlopen function in pym/portage/util/_urlopen.py in Gentoo Portage 2.1.12, when using HTTPS, does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and modify binary package lists via a crafted certificate.

CVSS Vector
AV:N/AC:M/Au:N/C:C/I:C/A:C
  • Gentoo Portage

    APP
    Gentoo
    2.1.12
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2016-20021CRITICAL9.8PL ✓ten sam produkt

Brak weryfikacji podpisu PGP w Gentoo Portage emerge-webrsync

CVE-2004-2778HIGH7.1ten sam produkt

Ebuild in Gentoo may change directory and file permissions depending on the order of installed packages, which...

CVE-2019-20384MEDIUM5.5ten sam produkt

Gentoo Portage through 2.3.84 allows local users to place a Trojan horse plugin in the /usr/lib64/nagios/plugi...

CVE-2008-4394MEDIUM6.9ten sam produkt

Multiple untrusted search path vulnerabilities in Portage before 2.1.4.5 include the current working directory...

CVE-2004-1901MEDIUM5.5ten sam produkt

Portage before 2.0.50-r3 allows local users to overwrite arbitrary files via a hard link attack on the lockfil...