Red Hat Bugzilla – Bug 1532554
CVE-2018-1000022 electrum: Unprotected JSON-RPC interface
Last modified: 2018-02-15 15:08:27 EST
It was found that electrum before 3.0.4 allowed CORS for the JSON-RPC server. This allows malicious users to possibly access wallets via the local RPC ports.
Created electrum tracking bugs for this issue:
Affects: fedora-26 [bug 1532555]
electrum-3.0.5-1.fc26 has been pushed to the Fedora 26 stable repository. If problems still persist, please make note of it in this bug report.
This bug has been fixed in all supported versions of Fedora.
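
A check for the condition the bug summary describes, written here as an added example (it is not part of the bug report and not electrum's code): it probes a JSON-RPC service on loopback with a foreign Origin header and reports whether the reply carries a permissive Access-Control-Allow-Origin header or is served without authentication. The stub server, the origin value, the "placeholder" method and all function names are assumptions made for the demonstration.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

FOREIGN_ORIGIN = "http://untrusted.example"  # constructed origin for the probe

def cors_findings(host, port, origin=FOREIGN_ORIGIN):
    """POST a JSON-RPC-shaped request with a foreign Origin; list exposures."""
    conn = http.client.HTTPConnection(host, port, timeout=3)
    body = '{"jsonrpc": "2.0", "id": 0, "method": "placeholder"}'
    conn.request("POST", "/", body=body, headers={"Origin": origin})
    resp = conn.getresponse()
    resp.read()
    conn.close()
    findings = []
    acao = resp.getheader("Access-Control-Allow-Origin")
    if acao in ("*", origin):
        findings.append("cross-origin read allowed (ACAO: %s)" % acao)
    if resp.status not in (401, 403):
        findings.append("answered without authentication (HTTP %d)" % resp.status)
    return findings

def make_handler(cors, require_auth):
    # Constructed stand-in for a local RPC service (hypothetical, not electrum).
    class Handler(BaseHTTPRequestHandler):
        def do_POST(self):
            self.rfile.read(int(self.headers.get("Content-Length", 0)))
            denied = require_auth and not self.headers.get("Authorization")
            payload = b"" if denied else b'{"jsonrpc": "2.0", "id": 0, "result": null}'
            self.send_response(401 if denied else 200)
            if cors:
                self.send_header("Access-Control-Allow-Origin", "*")
            self.send_header("Content-Length", str(len(payload)))
            self.end_headers()
            self.wfile.write(payload)
        def log_message(self, *args): pass  # keep the probe quiet
    return Handler

def probe_stub(cors, require_auth):
    server = HTTPServer(("127.0.0.1", 0), make_handler(cors, require_auth))
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        return cors_findings("127.0.0.1", server.server_port)
    finally:
        server.shutdown()
        server.server_close()

if __name__ == "__main__":
    print(probe_stub(True, False), probe_stub(False, True))
```

To audit a real service, call `cors_findings` with the host and port it actually listens on; an empty list means neither condition was observed for that request.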