CVE-2016-8889

bitcoinknots/bitcoin

on github

Published

October 28, 2016

Severity

CVSS v3:

6.2 MEDIUM

CVSS v2:

2.1 LOW

Description

In Bitcoin Knots v0.11.0.ljr20150711 through v0.13.0.knots20160814 (fixed in v0.13.1.knots20161027), the debug console stores sensitive information including private keys and the wallet passphrase in its persistent command history.

References

Configurations

CPE23	Version Start	Version End	Exact Version
cpe:2.3:a:bitcoin_knots_project:bitcoin_knots:0.13.0.knots20160814:::::::*	n/a	n/a	0.13.0.knots20160814
cpe:2.3:a:bitcoin_knots_project:bitcoin_knots:0.12.0:rc1::::::	n/a	n/a	0.12.0
cpe:2.3:a:bitcoin_knots_project:bitcoin_knots:0.11.1:::::::*	n/a	n/a	0.11.1
cpe:2.3:a:bitcoin_knots_project:bitcoin_knots:0.12.0:::::::*	n/a	n/a	0.12.0
cpe:2.3:a:bitcoin_knots_project:bitcoin_knots:0.11.1:rc1::::::	n/a	n/a	0.11.1
cpe:2.3:a:bitcoin_knots_project:bitcoin_knots:0.11.0:rc1::::::	n/a	n/a	0.11.0
cpe:2.3:a:bitcoin_knots_project:bitcoin_knots:0.12.1.knots20160629:rc2::::::	n/a	n/a	0.12.1.knots20160629
cpe:2.3:a:bitcoin_knots_project:bitcoin_knots:0.12.0:rc3::::::	n/a	n/a	0.12.0
cpe:2.3:a:bitcoin_knots_project:bitcoin_knots:0.12.0:rc2::::::	n/a	n/a	0.12.0
cpe:2.3:a:bitcoin_knots_project:bitcoin_knots:0.11.0:::::::*	n/a	n/a	0.11.0
cpe:2.3:a:bitcoin_knots_project:bitcoin_knots:0.11.0:rc3::::::	n/a	n/a	0.11.0
cpe:2.3:a:bitcoin_knots_project:bitcoin_knots:0.11.0:rc2::::::	n/a	n/a	0.11.0
cpe:2.3:a:bitcoin_knots_project:bitcoin_knots:0.12.0:rc5::::::	n/a	n/a	0.12.0
cpe:2.3:a:bitcoin_knots_project:bitcoin_knots:0.11.2:rc1::::::	n/a	n/a	0.11.2
cpe:2.3:a:bitcoin_knots_project:bitcoin_knots:0.11.1:rc2::::::	n/a	n/a	0.11.1
cpe:2.3:a:bitcoin_knots_project:bitcoin_knots:0.12.0.knots20160226:rc1::::::	n/a	n/a	0.12.0.knots20160226
cpe:2.3:a:bitcoin_knots_project:bitcoin_knots:0.12.0:rc4::::::	n/a	n/a	0.12.0
cpe:2.3:a:bitcoin_knots_project:bitcoin_knots:0.11.2:::::::*	n/a	n/a	0.11.2

External Links

NVD - CVE-2016-8889