CVE-2017-1000192

{"id": "CVE-2017-1000192", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": true, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2017-11-17T17:29:00.257", "references": [{"url": "https://github.com/nuxsmin/sysPass/releases/tag/2.1.8.17042901", "tags": ["Release Notes", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/nuxsmin/sysPass/releases/tag/2.1.8.17042901", "tags": ["Release Notes", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Cygnux sysPass version 2.1.7 and older is vulnerable to a Local File Inclusion in the functionality of javascript files inclusion. The attacker can read the configuration files that contain the login and password from the database, private encryption key, as well as other sensitive information."}, {"lang": "es", "value": "Cygnux sysPass en su versi\u00f3n 2.1.7 y anteriores es vulnerable a una inclusi\u00f3n local de archivos en la funcionalidad de inclusi\u00f3n de archivos JavaScript. El atacante puede leer los archivos de configuraci\u00f3n que contienen la contrase\u00f1a y el usuario de la base de datos, la clave privada de cifrado y otros datos sensibles."}], "lastModified": "2024-11-21T03:04:21.590", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cygnux:syspass:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "69554657-C5B9-4B3A-A2CE-D10BD3A142EB", "versionEndIncluding": "2.1.7"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}