Apt Cacher Ngproject Apt Cacher Ng
By the Year
In 2024 there have been 0 vulnerabilities in Apt Cacher Ngproject Apt Cacher Ng . Apt Cacher Ng did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2024 | 0 | 0.00 |
| 2023 | 0 | 0.00 |
| 2022 | 0 | 0.00 |
| 2021 | 0 | 0.00 |
| 2020 | 1 | 5.50 |
| 2019 | 0 | 0.00 |
| 2018 | 0 | 0.00 |
It may take a day or so for new Apt Cacher Ng vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Apt Cacher Ngproject Apt Cacher Ng Security Vulnerabilities
apt-cacher-ng through 3.3 allows local users to obtain sensitive information by hijacking the hardcoded TCP port
CVE-2020-5202
5.5 - Medium
- January 21, 2020
apt-cacher-ng through 3.3 allows local users to obtain sensitive information by hijacking the hardcoded TCP port. The /usr/lib/apt-cacher-ng/acngtool program attempts to connect to apt-cacher-ng via TCP on localhost port 3142, even if the explicit SocketPath=/var/run/apt-cacher-ng/socket command-line option is passed. The cron job /etc/cron.daily/apt-cacher-ng (which is active by default) attempts this periodically. Because 3142 is an unprivileged port, any local user can try to bind to this port and will receive requests from acngtool. There can be sensitive data in these requests, e.g., if AdminAuth is enabled in /etc/apt-cacher-ng/security.conf. This sensitive data can leak to unprivileged local users that manage to bind to this port before the apt-cacher-ng daemon can.
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for OpenSuse Leap or by Apt Cacher Ngproject? Click the Watch button to subscribe.
