CVE-2018-1000022
low-risk
Published 2018-02-09
Electrum Technologies GmbH Electrum Bitcoin Wallet versions prior to 3.0.5 contain a Missing Authorization vulnerability in the JSONRPC interface that can result in Bitcoin theft if the user's wallet is not password protected. This attack appears to be exploitable when the victim visits a web page with specially crafted JavaScript. This vulnerability appears to have been fixed in 3.0.5.
Do I need to act?
0.16% chance of exploitation (EPSS score: low exploit probability)
Not on CISA KEV list: no confirmed active exploitation reported to CISA
Patch status unknown: check vendor advisories for fix availability and mitigation guidance
CVSS 5.3/10, Medium, NETWORK / HIGH complexity
Affected Products (1)
Bitcoin Wallet
Affected Vendors
References (8)
Third Party Advisory
https://bitcointalk.org/index.php?topic=2702103.0
Product
https://electrum.org/#home
Third Party Advisory
https://github.com/spesmilo/electrum/issues/3374
Third Party Advisory
https://www.reddit.com/r/Bitcoin/comments/7ooack/critical_electrum_vulnerability...
23 / 100, low-risk
Severity
17/34 · Moderate
Exploitability
1/34 · Minimal
Exposure
5/34 · Minimal