UBUNTU-CVE-2017-8296

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2017-8296

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2017/UBUNTU-CVE-2017-8296.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2017-8296

Upstream

CVE-2017-8296

Published

2017-04-27T15:59:00Z

Modified

2025-10-24T04:46:18Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Ubuntu - medium

Summary

[none]

Details

kedpm 0.5 and 1.0 creates a history file in ~/.kedpm/history that is written in cleartext. All of the commands performed in the password manager are written there. This can lead to the disclosure of the master password if the "password" command is used with an argument. The names of the password entries created and consulted are also accessible in cleartext.

References

Affected packages

Ubuntu:16.04:LTS / kedpm

Package

Name: kedpm
Purl: pkg:deb/ubuntu/kedpm@1.0?arch=source&distro=xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.0

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "kedpm",
            "binary_version": "1.0"
        },
        {
            "binary_name": "kedpm-gtk",
            "binary_version": "1.0"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2017/UBUNTU-CVE-2017-8296.json"