borgbackup -- remote users can override repository restrictions

Affected packages
1.1.0 <= py34-borgbackup < 1.1.3
1.1.0 <= py35-borgbackup < 1.1.3
1.1.0 <= py36-borgbackup < 1.1.3


VuXML ID 0d369972-d4ba-11e7-bfca-005056925db4
Discovery 2017-11-27
Entry 2017-11-29

BorgBackup reports:

Incorrect implementation of access controls allows remote users to override repository restrictions in Borg servers. A user able to access a remote Borg SSH server is able to circumvent access controls post-authentication. Affected releases: 1.1.0, 1.1.1, 1.1.2. Releases 1.0.x are NOT affected.


CVE Name CVE-2017-15914