CVE-2018-6353 Information
Feb 14, 2021
cve
Description
The Python console in Electrum through 2.9.4 and 3.x through 3.0.5 supports arbitrary Python code without considering (1) social-engineering attacks in which a user pastes code that they do not understand and (2) code pasted by a physically proximate attacker at an unattended workstation which makes it easier for attackers to steal Bitcoin via hook code that runs at a later time when the wallet password has been entered a different vulnerability than CVE-2018-1000022.
CVSS Vector
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Reference
https://github.com/spesmilo/electrum/issues/3678 https://github.com/spesmilo/electrum/pull/3700
Attack Complexity
LOW
Privileges Required
LOW
User Interaction Required
LOW
Scope
NONE
Confidentiality Impact
UNCHANGED
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
HIGH
Base Severity
7.8
Share on: