CVE-2017-10679

{"id": "CVE-2017-10679", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2017-06-29T21:29:00.237", "references": [{"url": "http://www.securityfocus.com/bid/99380", "source": "cve@mitre.org"}, {"url": "https://github.com/Piwigo/Piwigo/issues/721", "tags": ["Exploit", "Issue Tracking", "Patch", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/Piwigo/Piwigo/issues/723", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "Piwigo through 2.9.1 allows remote attackers to obtain sensitive information about the descriptive name of a permalink by examining the redirect URL that is returned in a request for the permalink ID number of a private album. The permalink ID numbers are easily guessed."}, {"lang": "es", "value": "Piwigo hasta la versi\u00f3n 2.9.1 permite que atacantes remotos obtengan informaci\u00f3n sensible sobre el nombre descriptivo de un v\u00ednculo permanente examinando la URL de redirecci\u00f3n que se devuelve en una petici\u00f3n para el n\u00famero de ID del v\u00ednculo permanente de un \u00e1lbum privado. Los n\u00fameros de ID del v\u00ednculo permanente se adivinan f\u00e1cilmente."}], "lastModified": "2017-07-06T01:29:00.507", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:piwigo:piwigo:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5D356328-15B0-4402-94E6-8C16E09EB088", "versionEndIncluding": "2.9.1"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}