The FTP backend for Duplicity before 0.4.9 sends the password as a command line argument when calling ncftp, which might allow local users to read the password by listing the process and its arguments.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| duplicity(PyPI) | 0 | 0.4.9 | N/A |
CVSS Metrics
