VDB-9435 · CVE-2013-2260 · OSVDB 94998

Cryptocat up to 2.0.21 Cryptocat.random Remote Privilege Escalation


A vulnerability classified as critical was found in Cryptocat up to 2.0.21. Upgrading to version 2.0.22 eliminates this vulnerability. A possible mitigation was published immediately after the disclosure of the vulnerability.

| Field | 07/11/2013 11:23 AM | 03/19/2019 04:41 PM |
| --- | --- | --- |
| name | Cryptocat | Cryptocat |
| version | <=2.0.21 | <=2.0.21 |
| function | Cryptocat.random | Cryptocat.random |
| risk | 1 | 1 |
| cvss2_vuldb_basescore | 6.0 | 6.0 |
| cvss2_vuldb_tempscore | 5.2 | 5.2 |
| cvss2_vuldb_av | N | N |
| cvss3_meta_basescore | 6.3 | 6.3 |
| cvss3_meta_tempscore | 6.0 | 6.0 |
| cvss3_vuldb_basescore | 6.3 | 6.3 |
| cvss3_vuldb_tempscore | 6.0 | 6.0 |
| date | 1352246400 (11/07/2012) | 1352246400 (11/07/2012) |
| location | Website | Website |
| type | Blog Post | Blog Post |
| url | https://blog.crypto.cat/2012/11/security-update-our-first-full-audit/ | https://blog.crypto.cat/2012/11/security-update-our-first-full-audit/ |
| coordination | 1 | 1 |
| person_name | Mario Heiderich/Krzysztof Koktowicz/Maxim Rupp | Mario Heiderich/Krzysztof Koktowicz/Maxim Rupp |
| company_name | Cure53 | Cure53 |
| disputed | 0 | 0 |
| price_0day | $0-$5k | $0-$5k |
| name | Upgrade | Upgrade |
| date | 1352246400 (11/07/2012) | 1352246400 (11/07/2012) |
| upgrade_version | 2.0.22 | 2.0.22 |
| cve | CVE-2013-2260 | CVE-2013-2260 |
| osvdb | 94998 | 94998 |
| misc | https://blog.crypto.cat/wp-content/uploads/2012/11/Cryptocat-2-Pentest-Report.pdf | https://blog.crypto.cat/wp-content/uploads/2012/11/Cryptocat-2-Pentest-Report.pdf |
| seealso | 9432 9433 9434 9436 9437 9438 9439 9440 9441 9442 9443 9444 144837 | 9432 9433 9434 9436 9437 9438 9439 9440 9441 9442 9443 9444 144837 |
| cvss2_vuldb_e | ND | ND |
| cvss2_vuldb_rl | OF | OF |
| cvss2_vuldb_rc | C | C |
| cvss3_vuldb_e | X | X |
| cvss3_vuldb_rl | O | O |
| cvss3_vuldb_rc | C | C |
| cvss2_vuldb_ac | M | M |
| cvss2_vuldb_au | S | S |
| cvss2_vuldb_ci | P | P |
| cvss2_vuldb_ii | P | P |
| cvss2_vuldb_ai | P | P |
| cvss3_vuldb_av | N | N |
| cvss3_vuldb_ac | L | L |
| cvss3_vuldb_pr | L | L |
| cvss3_vuldb_ui | N | N |
| cvss3_vuldb_s | U | U |
| cvss3_vuldb_c | L | L |
| cvss3_vuldb_i | L | L |
| cvss3_vuldb_a | L | L |

cve_assigned: 1361232000 (single value shown)
