CVE-2016-8889

In Bitcoin Knots v0.11.0.ljr20150711 through v0.13.0.knots20160814 (fixed in v0.13.1.knots20161027), the debug console stores sensitive information including private keys and the wallet passphrase in its persistent command history.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.2 MEDIUM
LOCAL
LOW
NONE
CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 25%
VendorProductVersion
bitcoin_knots_projectbitcoin_knots
0.11.0
bitcoin_knots_projectbitcoin_knots
0.11.0:rc1
bitcoin_knots_projectbitcoin_knots
0.11.0:rc2
bitcoin_knots_projectbitcoin_knots
0.11.0:rc3
bitcoin_knots_projectbitcoin_knots
0.11.1
bitcoin_knots_projectbitcoin_knots
0.11.1:rc1
bitcoin_knots_projectbitcoin_knots
0.11.1:rc2
bitcoin_knots_projectbitcoin_knots
0.11.2
bitcoin_knots_projectbitcoin_knots
0.11.2:rc1
bitcoin_knots_projectbitcoin_knots
0.12.0
bitcoin_knots_projectbitcoin_knots
0.12.0:rc1
bitcoin_knots_projectbitcoin_knots
0.12.0:rc2
bitcoin_knots_projectbitcoin_knots
0.12.0:rc3
bitcoin_knots_projectbitcoin_knots
0.12.0:rc4
bitcoin_knots_projectbitcoin_knots
0.12.0:rc5
bitcoin_knots_projectbitcoin_knots
0.12.0.knots20160226:knots20160226
bitcoin_knots_projectbitcoin_knots
0.12.1.knots20160629:knots20160629
bitcoin_knots_projectbitcoin_knots
0.13.0.knots20160814:knots20160814
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/94235
https://bitcointalk.org/index.php?topic=1618462.0
https://github.com/bitcoinknots/bitcoin/blob/v0.13.1.knots20161027/doc/release-notes.md
http://www.securityfocus.com/bid/94235
https://bitcointalk.org/index.php?topic=1618462.0
https://github.com/bitcoinknots/bitcoin/blob/v0.13.1.knots20161027/doc/release-notes.md