{"id":"CVE-2019-12999","details":"Lightning Network Daemon (lnd) before 0.7 allows attackers to trigger loss of funds because of Incorrect Access Control.","aliases":["GHSA-78hj-86cr-6j2v","GO-2022-0807"],"modified":"2026-03-14T06:09:16.619932Z","published":"2020-01-31T20:15:10.837Z","references":[{"type":"ADVISORY","url":"https://github.com/lightningnetwork/lnd/releases/tag/v0.7.0-beta"},{"type":"FIX","url":"https://github.com/lightningnetwork/lnd/commits/master"},{"type":"EVIDENCE","url":"https://lists.linuxfoundation.org/pipermail/lightning-dev/2019-September/002174.html"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/lightningnetwork/lnd","events":[{"introduced":"0"},{"fixed":"36983214e8f7d24042fda61b048bb41daf6061da"}]},{"type":"GIT","repo":"https://github.com/lightningnetwork/lnd","events":[{"introduced":"0"},{"fixed":"36983214e8f7d24042fda61b048bb41daf6061da"}]}],"versions":["0.4-beta","queue/v1.0.1","upstream","v0.1-alpha","v0.1.1-alpha","v0.2-alpha","v0.2.1-alpha","v0.3-alpha","v0.4-beta","v0.4.1-beta","v0.4.2-beta","v0.5-beta","v0.5-beta-rc1","v0.5-beta-rc2","v0.5.1-beta","v0.5.1-beta-rc1","v0.5.1-beta-rc2","v0.5.1-beta-rc3","v0.5.1-beta-rc4","v0.6-beta","v0.6-beta-rc1","v0.6-beta-rc2","v0.6-beta-rc3","v0.6-beta-rc4","v0.6.0-beta","v0.6.1-beta","v0.6.1-beta-rc1","v0.6.1-beta-rc2","v0.7.0-beta-rc1","v0.7.0-beta-rc2","v0.7.0-beta-rc3"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-12999.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"fixed":"0.7"}]},{"events":[{"introduced":"0"},{"fixed":"0.7"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}]}