CVE-2018-1000835

KeePassDX version <= 2.5.0.0beta17 contains an XML External Entity (XXE) vulnerability in the kdbx file parser that can result in disclosure of confidential data, denial of service, SSRF, and port scanning.
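| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | NIST | 10 CRITICAL | NETWORK | LOW | NONE | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H |
| mitre | CNA | --- | | | | --- |
| CVE | ADP | --- | | | | --- |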
EPSS Score percentile: 47%
| Vendor | Product | Version |
|---|---|---|
| keepassdx | keepass_dx | 2.5.0.0:beta1 |
| keepassdx | keepass_dx | 2.5.0.0:beta10 |
| keepassdx | keepass_dx | 2.5.0.0:beta11 |
| keepassdx | keepass_dx | 2.5.0.0:beta12 |
| keepassdx | keepass_dx | 2.5.0.0:beta13 |
| keepassdx | keepass_dx | 2.5.0.0:beta14 |
| keepassdx | keepass_dx | 2.5.0.0:beta15 |
| keepassdx | keepass_dx | 2.5.0.0:beta16 |
| keepassdx | keepass_dx | 2.5.0.0:beta17 |
| keepassdx | keepass_dx | 2.5.0.0:beta2 |
| keepassdx | keepass_dx | 2.5.0.0:beta3 |
| keepassdx | keepass_dx | 2.5.0.0:beta4 |
| keepassdx | keepass_dx | 2.5.0.0:beta5 |
| keepassdx | keepass_dx | 2.5.0.0:beta6 |
| keepassdx | keepass_dx | 2.5.0.0:beta7 |
| keepassdx | keepass_dx | 2.5.0.0:beta8 |
| keepassdx | keepass_dx | 2.5.0.0:beta9 |
𝑥 = Vulnerable software versions