CVE-2013-20001
Severity Score
7.5
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
An issue was discovered in OpenZFS through 2.0.3. When an NFS share is exported to IPv6 addresses via the sharenfs feature, there is a silent failure to parse the IPv6 address data, and access is allowed to everyone. IPv6 restrictions from the configuration are not applied.
Se detectó un problema en OpenZFS versiones hasta 2.0.3. Cuando un recurso compartido NFS es exportado a direcciones IPv6 por medio de la funcionalidad sharenfs, es producido un fallo silencioso al analizar los datos de la dirección IPv6 y es permitido un acceso a todos. Las restricciones de IPv6 de la configuración no son aplicados
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2021-02-12 CVE Reserved
- 2021-02-12 CVE Published
- 2024-03-19 EPSS Updated
- 2024-08-06 CVE Updated
- 2024-08-06 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
CAPEC
References (3)
| URL | Tag | Source |
|---|---|---|
| https://github.com/openzfs/zfs/releases | Release Notes | |
| https://lists.debian.org/debian-lts-announce/2024/03/msg00019.html | Mailing List |
|
| URL | Date | SRC |
|---|---|---|
| https://github.com/openzfs/zfs/issues/1894#issuecomment-30693652 | 2024-08-06 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|