CVE-2017-1000192 - Cygnux sysPass version 2.1.7 and older is vulnerable to a Local File Inclusion in the functionality

CVE-2017-1000192

Summary

Cygnux sysPass version 2.1.7 and older is vulnerable to a Local File Inclusion in the functionality of javascript files inclusion. The attacker can read the configuration files that contain the login and password from the database, private encryption key, as well as other sensitive information.

References

https://github.com/nuxsmin/sysPass/releases/tag/2.1.8.17042901

Vulnerable Configurations

cpe:2.3:a:cygnux:syspass:1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:cygnux:syspass:1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:cygnux:syspass:1.0.3:*:*:*:*:*:*:*
cpe:2.3:a:cygnux:syspass:1.0.3:*:*:*:*:*:*:*
cpe:2.3:a:cygnux:syspass:1.0.4:*:*:*:*:*:*:*
cpe:2.3:a:cygnux:syspass:1.0.4:*:*:*:*:*:*:*
cpe:2.3:a:cygnux:syspass:1.0.5:*:*:*:*:*:*:*
cpe:2.3:a:cygnux:syspass:1.0.5:*:*:*:*:*:*:*
cpe:2.3:a:cygnux:syspass:1.0.6:*:*:*:*:*:*:*
cpe:2.3:a:cygnux:syspass:1.0.6:*:*:*:*:*:*:*
cpe:2.3:a:cygnux:syspass:1.0.7:*:*:*:*:*:*:*
cpe:2.3:a:cygnux:syspass:1.0.7:*:*:*:*:*:*:*
cpe:2.3:a:cygnux:syspass:1.0.8:*:*:*:*:*:*:*
cpe:2.3:a:cygnux:syspass:1.0.8:*:*:*:*:*:*:*
cpe:2.3:a:cygnux:syspass:1.0.9:*:*:*:*:*:*:*
cpe:2.3:a:cygnux:syspass:1.0.9:*:*:*:*:*:*:*
cpe:2.3:a:cygnux:syspass:1.1.2.13:*:*:*:*:*:*:*
cpe:2.3:a:cygnux:syspass:1.1.2.13:*:*:*:*:*:*:*
cpe:2.3:a:cygnux:syspass:1.1.2.15:*:*:*:*:*:*:*
cpe:2.3:a:cygnux:syspass:1.1.2.15:*:*:*:*:*:*:*
cpe:2.3:a:cygnux:syspass:1.1.2.16:*:*:*:*:*:*:*
cpe:2.3:a:cygnux:syspass:1.1.2.16:*:*:*:*:*:*:*
cpe:2.3:a:cygnux:syspass:1.1.2.17:*:*:*:*:*:*:*
cpe:2.3:a:cygnux:syspass:1.1.2.17:*:*:*:*:*:*:*
cpe:2.3:a:cygnux:syspass:1.1.2.18:*:*:*:*:*:*:*
cpe:2.3:a:cygnux:syspass:1.1.2.18:*:*:*:*:*:*:*
cpe:2.3:a:cygnux:syspass:1.1.2.19:*:*:*:*:*:*:*
cpe:2.3:a:cygnux:syspass:1.1.2.19:*:*:*:*:*:*:*
cpe:2.3:a:cygnux:syspass:1.1.2.20:*:*:*:*:*:*:*
cpe:2.3:a:cygnux:syspass:1.1.2.20:*:*:*:*:*:*:*
cpe:2.3:a:cygnux:syspass:1.1.2.21:*:*:*:*:*:*:*
cpe:2.3:a:cygnux:syspass:1.1.2.21:*:*:*:*:*:*:*
cpe:2.3:a:cygnux:syspass:1.1.2.22:*:*:*:*:*:*:*
cpe:2.3:a:cygnux:syspass:1.1.2.22:*:*:*:*:*:*:*
cpe:2.3:a:cygnux:syspass:1.1.2.23:*:*:*:*:*:*:*
cpe:2.3:a:cygnux:syspass:1.1.2.23:*:*:*:*:*:*:*
cpe:2.3:a:cygnux:syspass:1.1.2.24:*:*:*:*:*:*:*
cpe:2.3:a:cygnux:syspass:1.1.2.24:*:*:*:*:*:*:*
cpe:2.3:a:cygnux:syspass:1.2.0.01:*:*:*:*:*:*:*
cpe:2.3:a:cygnux:syspass:1.2.0.01:*:*:*:*:*:*:*
cpe:2.3:a:cygnux:syspass:1.2.0.02:*:*:*:*:*:*:*
cpe:2.3:a:cygnux:syspass:1.2.0.02:*:*:*:*:*:*:*
cpe:2.3:a:cygnux:syspass:1.2.0.03:*:*:*:*:*:*:*
cpe:2.3:a:cygnux:syspass:1.2.0.03:*:*:*:*:*:*:*
cpe:2.3:a:cygnux:syspass:1.2.0.04:*:*:*:*:*:*:*
cpe:2.3:a:cygnux:syspass:1.2.0.04:*:*:*:*:*:*:*
cpe:2.3:a:cygnux:syspass:1.2.0.05:*:*:*:*:*:*:*
cpe:2.3:a:cygnux:syspass:1.2.0.05:*:*:*:*:*:*:*
cpe:2.3:a:cygnux:syspass:1.2.0.06:*:*:*:*:*:*:*
cpe:2.3:a:cygnux:syspass:1.2.0.06:*:*:*:*:*:*:*
cpe:2.3:a:cygnux:syspass:1.2.0.07:*:*:*:*:*:*:*
cpe:2.3:a:cygnux:syspass:1.2.0.07:*:*:*:*:*:*:*
cpe:2.3:a:cygnux:syspass:1.2.0.08:*:*:*:*:*:*:*
cpe:2.3:a:cygnux:syspass:1.2.0.08:*:*:*:*:*:*:*
cpe:2.3:a:cygnux:syspass:1.2.0.09:*:*:*:*:*:*:*
cpe:2.3:a:cygnux:syspass:1.2.0.09:*:*:*:*:*:*:*
cpe:2.3:a:cygnux:syspass:1.2.0.10:*:*:*:*:*:*:*
cpe:2.3:a:cygnux:syspass:1.2.0.10:*:*:*:*:*:*:*
cpe:2.3:a:cygnux:syspass:1.2.0.11:*:*:*:*:*:*:*
cpe:2.3:a:cygnux:syspass:1.2.0.11:*:*:*:*:*:*:*
cpe:2.3:a:cygnux:syspass:1.2.0.12:*:*:*:*:*:*:*
cpe:2.3:a:cygnux:syspass:1.2.0.12:*:*:*:*:*:*:*
cpe:2.3:a:cygnux:syspass:1.2.0.13:*:*:*:*:*:*:*
cpe:2.3:a:cygnux:syspass:1.2.0.13:*:*:*:*:*:*:*
cpe:2.3:a:cygnux:syspass:1.2.0.14:*:*:*:*:*:*:*
cpe:2.3:a:cygnux:syspass:1.2.0.14:*:*:*:*:*:*:*
cpe:2.3:a:cygnux:syspass:1.2.0.15:*:*:*:*:*:*:*
cpe:2.3:a:cygnux:syspass:1.2.0.15:*:*:*:*:*:*:*
cpe:2.3:a:cygnux:syspass:1.2.0.16:*:*:*:*:*:*:*
cpe:2.3:a:cygnux:syspass:1.2.0.16:*:*:*:*:*:*:*
cpe:2.3:a:cygnux:syspass:1.2.0.17:*:*:*:*:*:*:*
cpe:2.3:a:cygnux:syspass:1.2.0.17:*:*:*:*:*:*:*
cpe:2.3:a:cygnux:syspass:1.2.0.18:*:*:*:*:*:*:*
cpe:2.3:a:cygnux:syspass:1.2.0.18:*:*:*:*:*:*:*
cpe:2.3:a:cygnux:syspass:1.2.0.19:*:*:*:*:*:*:*
cpe:2.3:a:cygnux:syspass:1.2.0.19:*:*:*:*:*:*:*
cpe:2.3:a:cygnux:syspass:1.2.0.20:*:*:*:*:*:*:*
cpe:2.3:a:cygnux:syspass:1.2.0.20:*:*:*:*:*:*:*
cpe:2.3:a:cygnux:syspass:1.2.0.21:*:*:*:*:*:*:*
cpe:2.3:a:cygnux:syspass:1.2.0.21:*:*:*:*:*:*:*
cpe:2.3:a:cygnux:syspass:2.0.0.17011201:*:*:*:*:*:*:*
cpe:2.3:a:cygnux:syspass:2.0.0.17011201:*:*:*:*:*:*:*
cpe:2.3:a:cygnux:syspass:2.0.0.17011202:*:*:*:*:*:*:*
cpe:2.3:a:cygnux:syspass:2.0.0.17011202:*:*:*:*:*:*:*
cpe:2.3:a:cygnux:syspass:2.0.0.17011203:*:*:*:*:*:*:*
cpe:2.3:a:cygnux:syspass:2.0.0.17011203:*:*:*:*:*:*:*
cpe:2.3:a:cygnux:syspass:2.0.0.17011204:*:*:*:*:*:*:*
cpe:2.3:a:cygnux:syspass:2.0.0.17011204:*:*:*:*:*:*:*
cpe:2.3:a:cygnux:syspass:2.0.0.17011301:*:*:*:*:*:*:*
cpe:2.3:a:cygnux:syspass:2.0.0.17011301:*:*:*:*:*:*:*
cpe:2.3:a:cygnux:syspass:2.0.0.17011302:*:*:*:*:*:*:*
cpe:2.3:a:cygnux:syspass:2.0.0.17011302:*:*:*:*:*:*:*
cpe:2.3:a:cygnux:syspass:2.0.0.17011601:*:*:*:*:*:*:*
cpe:2.3:a:cygnux:syspass:2.0.0.17011601:*:*:*:*:*:*:*
cpe:2.3:a:cygnux:syspass:2.0.0.17011602:*:*:*:*:*:*:*
cpe:2.3:a:cygnux:syspass:2.0.0.17011602:*:*:*:*:*:*:*
cpe:2.3:a:cygnux:syspass:2.0.0.17011901:*:*:*:*:*:*:*
cpe:2.3:a:cygnux:syspass:2.0.0.17011901:*:*:*:*:*:*:*
cpe:2.3:a:cygnux:syspass:2.0.0.17012301:*:*:*:*:*:*:*
cpe:2.3:a:cygnux:syspass:2.0.0.17012301:*:*:*:*:*:*:*
cpe:2.3:a:cygnux:syspass:2.0.0.17012401:*:*:*:*:*:*:*
cpe:2.3:a:cygnux:syspass:2.0.0.17012401:*:*:*:*:*:*:*
cpe:2.3:a:cygnux:syspass:2.0.0.17012402:*:*:*:*:*:*:*
cpe:2.3:a:cygnux:syspass:2.0.0.17012402:*:*:*:*:*:*:*
cpe:2.3:a:cygnux:syspass:2.0.0.17012501:*:*:*:*:*:*:*
cpe:2.3:a:cygnux:syspass:2.0.0.17012501:*:*:*:*:*:*:*
cpe:2.3:a:cygnux:syspass:2.0.0.17012601:*:*:*:*:*:*:*
cpe:2.3:a:cygnux:syspass:2.0.0.17012601:*:*:*:*:*:*:*
cpe:2.3:a:cygnux:syspass:2.0.0.17012701:*:*:*:*:*:*:*
cpe:2.3:a:cygnux:syspass:2.0.0.17012701:*:*:*:*:*:*:*
cpe:2.3:a:cygnux:syspass:2.0.0.17013001:*:*:*:*:*:*:*
cpe:2.3:a:cygnux:syspass:2.0.0.17013001:*:*:*:*:*:*:*
cpe:2.3:a:cygnux:syspass:2.0.0.17020101:*:*:*:*:*:*:*
cpe:2.3:a:cygnux:syspass:2.0.0.17020101:*:*:*:*:*:*:*
cpe:2.3:a:cygnux:syspass:2.0.0.17020201:*:*:*:*:*:*:*
cpe:2.3:a:cygnux:syspass:2.0.0.17020201:*:*:*:*:*:*:*
cpe:2.3:a:cygnux:syspass:2.0.0.17021301:*:*:*:*:*:*:*
cpe:2.3:a:cygnux:syspass:2.0.0.17021301:*:*:*:*:*:*:*
cpe:2.3:a:cygnux:syspass:2.0.0.17021302:*:*:*:*:*:*:*
cpe:2.3:a:cygnux:syspass:2.0.0.17021302:*:*:*:*:*:*:*
cpe:2.3:a:cygnux:syspass:2.0.0.17021601:*:*:*:*:*:*:*
cpe:2.3:a:cygnux:syspass:2.0.0.17021601:*:*:*:*:*:*:*
cpe:2.3:a:cygnux:syspass:2.0.1.17010901:*:*:*:*:*:*:*
cpe:2.3:a:cygnux:syspass:2.0.1.17010901:*:*:*:*:*:*:*
cpe:2.3:a:cygnux:syspass:2.1.0.17022601:*:*:*:*:*:*:*
cpe:2.3:a:cygnux:syspass:2.1.0.17022601:*:*:*:*:*:*:*
cpe:2.3:a:cygnux:syspass:2.1.0.17030201:*:*:*:*:*:*:*
cpe:2.3:a:cygnux:syspass:2.1.0.17030201:*:*:*:*:*:*:*
cpe:2.3:a:cygnux:syspass:2.1.1.17030601:*:*:*:*:*:*:*
cpe:2.3:a:cygnux:syspass:2.1.1.17030601:*:*:*:*:*:*:*
cpe:2.3:a:cygnux:syspass:2.1.2.17031401:*:*:*:*:*:*:*
cpe:2.3:a:cygnux:syspass:2.1.2.17031401:*:*:*:*:*:*:*
cpe:2.3:a:cygnux:syspass:2.1.3.17031601:*:*:*:*:*:*:*
cpe:2.3:a:cygnux:syspass:2.1.3.17031601:*:*:*:*:*:*:*
cpe:2.3:a:cygnux:syspass:2.1.4.17032801:*:*:*:*:*:*:*
cpe:2.3:a:cygnux:syspass:2.1.4.17032801:*:*:*:*:*:*:*
cpe:2.3:a:cygnux:syspass:2.1.5.17041201:*:*:*:*:*:*:*
cpe:2.3:a:cygnux:syspass:2.1.5.17041201:*:*:*:*:*:*:*
cpe:2.3:a:cygnux:syspass:2.1.6.17041401:*:*:*:*:*:*:*
cpe:2.3:a:cygnux:syspass:2.1.6.17041401:*:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 03-10-2019 - 00:03)
Impact:
Exploitability:

CWE

NVD-CWE-noinfo

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	NONE	NONE

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:N/A:N

refmap via4

confirm

https://github.com/nuxsmin/sysPass/releases/tag/2.1.8.17042901

Last major update

03-10-2019 - 00:03

Published

17-11-2017 - 17:29

Last modified

03-10-2019 - 00:03