{"id":"CVE-2019-12998","details":"c-lightning before 0.7.1 allows attackers to trigger loss of funds because of Incorrect Access Control. NOTE: README.md states \"It can be used for testing, but it should not be used for real funds.\"","modified":"2026-07-08T23:46:48.069061Z","published":"2020-01-31T20:15:10.773Z","references":[{"type":"FIX","url":"https://github.com/ElementsProject/lightning/commits/master"},{"type":"EVIDENCE","url":"https://lists.linuxfoundation.org/pipermail/lightning-dev/2019-September/002174.html"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/elementsproject/lightning","events":[{"introduced":"0"},{"fixed":"43d5492619b00e42bd34492f8b9a837b6a03df65"}],"database_specific":{"source":"CPE_RANGE","cpe":"cpe:2.3:a:elementsproject:c-lightning:*:*:*:*:*:*:*:*","extracted_events":[{"introduced":"0"},{"fixed":"0.7.1"}]}}],"versions":["v0.7.1rc5","v0.7.1rc4","v0.7.1rc3","v0.7.1rc2","v0.7.1rc1","v0.7.0","v0.7.0rc3","v0.7.0rc2","v0.7.0rc1","v0.6.3rc1","plugin-2-deadend","v0.6.2","v0.6.2rc1","v0.6.1rc2","v0.6.1rc1","v0.6rc2","v0.6","v0.6rc1","v0.5.2-2016-11-21","v0.5.1-2016-10-21","v0.5-2016-10-19","v0.4-2016-08-19","v0.3-2016-05-26","v0.2-2016-01-22","v0.1-2015-08-08","where-the-500-went"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-12998.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}]}