pass
| Link | package | bugs open | bugs closed | Wiki | GitHub | web search |
| Description | Stores, retrieves, generates, and synchronizes passwords securely |
| Version | 1.7.4-7 [extra] |
Open
| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-1342 | 1.7.4-1 | Medium | Vulnerable |
| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2020-28086 | AVG-1342 | Medium | Yes | Insufficient validation | pass has a possibility of using a password for an unintended resource. For exploitation to occur, the user must do a git pull, decrypt a password, and log... |
Resolved
| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-720 | 1.7.1-1 | 1.7.2-1 | High | Fixed |
| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2018-12356 | AVG-720 | High | Yes | Arbitrary code execution | An issue was discovered in password-store.sh in pass in Simple Password Store 1.7 through 1.7.1. The signature verification routine parses the output of... |
Advisories
| Date | Advisory | Group | Severity | Type |
|---|---|---|---|---|
| 19 Jun 2018 | ASA-201806-11 | AVG-720 | High | arbitrary code execution |