CVE-2016-10100

CVE-2016-10100

EPSS 1.1%

Borg (aka BorgBackup) before 1.0.9 has a flaw in the way duplicate archive names were processed during manifest recovery, potentially allowing an attacker to overwrite an archive.

Affected products

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://borgbackup.readthedocs.io/en/stable/changes.html#pre-1-0-9-manifest-spoofing-vulnerability http://www.securityfocus.com/bid/95203