cve-2017-20052
Vulnerability from cvelistv5
Published
2022-06-16 06:15
Modified
2024-08-05 21:45
Severity ?
EPSS score ?
Summary
Python pgAdmin4 uncontrolled search path
References
▼ | URL | Tags | |
---|---|---|---|
cna@vuldb.com | http://seclists.org/fulldisclosure/2017/Feb/92 | Exploit, Mailing List, Third Party Advisory | |
cna@vuldb.com | https://security.netapp.com/advisory/ntap-20220804-0005/ | Third Party Advisory | |
cna@vuldb.com | https://vuldb.com/?id.97822 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2017/Feb/92 | Exploit, Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20220804-0005/ | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?id.97822 | Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | unspecified | Python |
Version: 2.7.13 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T21:45:25.243Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2017/Feb/92" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://vuldb.com/?id.97822" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20220804-0005/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Python", "vendor": "unspecified", "versions": [ { "status": "affected", "version": "2.7.13" } ] } ], "credits": [ { "lang": "en", "value": "Karn Ganeshen" } ], "descriptions": [ { "lang": "en", "value": "A vulnerability classified as problematic was found in Python 2.7.13. This vulnerability affects unknown code of the component pgAdmin4. The manipulation leads to uncontrolled search path. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-427", "description": "CWE-427 Uncontrolled Search Path", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-08-04T17:06:42", "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://seclists.org/fulldisclosure/2017/Feb/92" }, { "tags": [ "x_refsource_MISC" ], "url": "https://vuldb.com/?id.97822" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20220804-0005/" } ], "title": "Python pgAdmin4 uncontrolled search path", "x_generator": "vuldb.com", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cna@vuldb.com", "ID": "CVE-2017-20052", "REQUESTER": "cna@vuldb.com", "STATE": "PUBLIC", "TITLE": "Python pgAdmin4 uncontrolled search path" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Python", "version": { "version_data": [ { "version_value": "2.7.13" } ] } } ] }, "vendor_name": "" } ] } }, "credit": "Karn Ganeshen", "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability classified as problematic was found in Python 2.7.13. This vulnerability affects unknown code of the component pgAdmin4. The manipulation leads to uncontrolled search path. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used." } ] }, "generator": "vuldb.com", "impact": { "cvss": { "baseScore": "5.0", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-427 Uncontrolled Search Path" } ] } ] }, "references": { "reference_data": [ { "name": "http://seclists.org/fulldisclosure/2017/Feb/92", "refsource": "MISC", "url": "http://seclists.org/fulldisclosure/2017/Feb/92" }, { "name": "https://vuldb.com/?id.97822", "refsource": "MISC", "url": "https://vuldb.com/?id.97822" }, { "name": "https://security.netapp.com/advisory/ntap-20220804-0005/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20220804-0005/" } ] } } } }, "cveMetadata": { "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "assignerShortName": "VulDB", "cveId": "CVE-2017-20052", "datePublished": "2022-06-16T06:15:20", "dateReserved": "2022-06-13T00:00:00", "dateUpdated": "2024-08-05T21:45:25.243Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2017-20052\",\"sourceIdentifier\":\"cna@vuldb.com\",\"published\":\"2022-06-16T07:15:07.190\",\"lastModified\":\"2024-11-21T03:22:31.583\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability classified as problematic was found in Python 2.7.13. This vulnerability affects unknown code of the component pgAdmin4. The manipulation leads to uncontrolled search path. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.\"},{\"lang\":\"es\",\"value\":\"Se ha encontrado una vulnerabilidad clasificada como problem\u00e1tica en Python versi\u00f3n 2.7.13. Esta vulnerabilidad afecta a c\u00f3digo desconocido del componente pgAdmin4. La manipulaci\u00f3n conlleva una ruta de b\u00fasqueda no controlada. El ataque puede iniciarse de forma remota. La explotaci\u00f3n ha sido revelada al p\u00fablico y puede ser usada\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L\",\"baseScore\":5.0,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":1.6,\"impactScore\":3.4},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":4.4,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.4,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-427\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-427\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:python:python:2.7.13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E09FAE5D-232B-4DD9-99AC-66DFFE809375\"}]}]}],\"references\":[{\"url\":\"http://seclists.org/fulldisclosure/2017/Feb/92\",\"source\":\"cna@vuldb.com\",\"tags\":[\"Exploit\",\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20220804-0005/\",\"source\":\"cna@vuldb.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://vuldb.com/?id.97822\",\"source\":\"cna@vuldb.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://seclists.org/fulldisclosure/2017/Feb/92\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20220804-0005/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://vuldb.com/?id.97822\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}" } }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.