
CVE-2018-1000022

Published: 09/02/2018 Updated: 03/10/2019
CVSS v2 Base Score: 2.6 | Impact Score: 2.9 | Exploitability Score: 4.9
CVSS v3 Base Score: 5.3 | Impact Score: 3.6 | Exploitability Score: 1.6
VMScore: 231
Vector: AV:N/AC:H/Au:N/C:P/I:N/A:N

Vulnerability Summary

Electrum Technologies GmbH Electrum Bitcoin Wallet versions prior to 3.0.5 contain a Missing Authorization vulnerability in the JSONRPC interface that can result in Bitcoin theft if the user's wallet is not password protected. The attack appears to be exploitable when the victim visits a web page with specially crafted JavaScript. This vulnerability appears to have been fixed in 3.0.5.

Vulnerable Product

electrum bitcoin wallet

Vendor Advisories

Debian Bug report logs - #890003: electrum: CVE-2018-6353. Package: src:electrum; Maintainer for src:electrum is Tristan Seligmann <mithrandi@debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Fri, 9 Feb 2018 21:51:02 UTC; Severity: minor; Tags: fixed-upstream, security, upstream; Found in version ...
Debian Bug report logs - #886683: electrum: CVE-2018-1000022. Package: electrum; Maintainer for electrum is Tristan Seligmann <mithrandi@debian.org>; Source for electrum is src:electrum; Reported by: Daniel Koszta <danielkoszta@gmail.com>; Date: Mon, 8 Jan 2018 22:21:02 UTC; Severity: grave; Tags: ...