Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTc4aGotODZjci02ajJ2
Improper Access Control in Lightning Network Daemon
Lightning Network Daemon (lnd) before 0.7 allows attackers to trigger loss of funds because of Incorrect Access Control.
Permalink: https://github.com/advisories/GHSA-78hj-86cr-6j2v
JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTc4aGotODZjci02ajJ2
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: almost 3 years ago
Updated: over 1 year ago
CVSS Score: 7.5
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Identifiers: GHSA-78hj-86cr-6j2v, CVE-2019-12999
References:
- https://nvd.nist.gov/vuln/detail/CVE-2019-12999
- https://github.com/lightninglabs/chanleakcheck
- https://github.com/lightningnetwork/lnd/commits/master
- https://github.com/lightningnetwork/lnd/releases/tag/v0.7.0-beta
- https://lists.linuxfoundation.org/pipermail/lightning-dev/2019-September/002174.html
- https://github.com/advisories/GHSA-78hj-86cr-6j2v
Blast Radius: 16.2
Affected Packages
go:github.com/lightningnetwork/lnd
Dependent packages: 190
Dependent repositories: 145
Downloads:
Affected Version Ranges: <= 0.7.0
Fixed in: 0.7.1-beta
All affected versions: 0.0.2
All unaffected versions: