{ "id": "CVE-2014-0173", "sourceIdentifier": "secalert@redhat.com", "published": "2014-04-22T13:06:27.023", "lastModified": "2024-11-21T02:01:33.533", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Jetpack plugin before 1.9 before 1.9.4, 2.0.x before 2.0.9, 2.1.x before 2.1.4, 2.2.x before 2.2.7, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.2, 2.6.x before 2.6.3, 2.7.x before 2.7.2, 2.8.x before 2.8.2, and 2.9.x before 2.9.3 for WordPress does not properly restrict access to the XML-RPC service, which allows remote attackers to bypass intended restrictions and publish posts via unspecified vectors. NOTE: some of these details are obtained from third party information." }, { "lang": "es", "value": "El plugin Jetpack anterior a 1.9 anterior a 1.9.4, 2.0.x anterior a 2.0.9, 2.1.x anterior a 2.1.4, 2.2.x anterior a 2.2.7, 2.3.x anterior a 2.3.7, 2.4.x anterior a 2.4.4, 2.5.x anterior a 2.5.2, 2.6.x anterior a 2.6.3, 2.7.x anterior a 2.7.2, 2.8.x anterior a 2.8.2 y 2.9.x anterior a 2.9.3 para WordPress no restringe debidamente acceso al servicio XML-RPC, lo que permite a atacantes remotos evadir restricciones y publicar mensajes a trav\u00e9s de vectores no especificados. NOTA: algunos de estos detalles se obtienen de informaci\u00f3n de terceras partes." } ], "metrics": { "cvssMetricV2": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "2.0", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "baseScore": 5.8, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "NONE" }, "baseSeverity": "MEDIUM", "exploitabilityScore": 8.6, "impactScore": 4.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-264" } ] } ], "configurations": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:automattic:jetpack:1.9:*:*:*:*:wordpress:*:*", "matchCriteriaId": "5465AA1E-D2F0-4152-A6E3-9FA232CCF47B" }, { "vulnerable": true, "criteria": "cpe:2.3:a:automattic:jetpack:1.9.1:*:*:*:*:wordpress:*:*", "matchCriteriaId": "04AE244E-6F46-4A38-9A54-6E1DB84DE901" }, { "vulnerable": true, "criteria": "cpe:2.3:a:automattic:jetpack:1.9.2:*:*:*:*:wordpress:*:*", "matchCriteriaId": "3A11DA6F-046B-4E55-84A3-FA3BC58A9E88" }, { "vulnerable": true, "criteria": "cpe:2.3:a:automattic:jetpack:2.0:*:*:*:*:wordpress:*:*", "matchCriteriaId": "96268538-B603-4164-BD80-D652A83A0DDC" }, { "vulnerable": true, "criteria": "cpe:2.3:a:automattic:jetpack:2.0.1:*:*:*:*:wordpress:*:*", "matchCriteriaId": "A9B6F00B-4B90-4933-8A06-7198A190FBE4" }, { "vulnerable": true, "criteria": "cpe:2.3:a:automattic:jetpack:2.0.2:*:*:*:*:wordpress:*:*", "matchCriteriaId": "98DF6337-F098-4E62-B836-866C964E073E" }, { "vulnerable": true, "criteria": "cpe:2.3:a:automattic:jetpack:2.0.3:*:*:*:*:wordpress:*:*", "matchCriteriaId": "D307AB75-60CE-44BE-A6AD-DE8C53B81E64" }, { "vulnerable": true, "criteria": "cpe:2.3:a:automattic:jetpack:2.0.4:*:*:*:*:wordpress:*:*", "matchCriteriaId": "A5D4675F-AB54-4227-83BF-EE29EDFD7B0C" }, { "vulnerable": true, "criteria": "cpe:2.3:a:automattic:jetpack:2.1:*:*:*:*:wordpress:*:*", "matchCriteriaId": "BE126651-479E-4669-A4A8-445C45F0B39E" }, { "vulnerable": true, "criteria": "cpe:2.3:a:automattic:jetpack:2.1.1:*:*:*:*:wordpress:*:*", "matchCriteriaId": "CBACDFB5-1B3C-4BAC-B729-FF3249242F96" }, { "vulnerable": true, "criteria": "cpe:2.3:a:automattic:jetpack:2.1.2:*:*:*:*:wordpress:*:*", "matchCriteriaId": "D5BE7990-72DB-47D7-8795-3D2E55A89F68" }, { "vulnerable": true, "criteria": "cpe:2.3:a:automattic:jetpack:2.2:*:*:*:*:wordpress:*:*", "matchCriteriaId": "50CE0762-101F-4C4A-A095-93B123430B91" }, { "vulnerable": true, "criteria": "cpe:2.3:a:automattic:jetpack:2.2.1:*:*:*:*:wordpress:*:*", "matchCriteriaId": "50C87C2D-1E4E-42D4-8241-026FABE6A553" }, { "vulnerable": true, "criteria": "cpe:2.3:a:automattic:jetpack:2.2.2:*:*:*:*:wordpress:*:*", "matchCriteriaId": "424DE391-BBAB-4F6F-A6B8-D4411C333C12" }, { "vulnerable": true, "criteria": "cpe:2.3:a:automattic:jetpack:2.2.3:*:*:*:*:wordpress:*:*", "matchCriteriaId": "533E86A1-A1A0-45A4-9B57-F74E39F2D9B5" }, { "vulnerable": true, "criteria": "cpe:2.3:a:automattic:jetpack:2.2.4:*:*:*:*:wordpress:*:*", "matchCriteriaId": "B5F2C07B-7D37-4785-8FB9-BCE44D67C1E5" }, { "vulnerable": true, "criteria": "cpe:2.3:a:automattic:jetpack:2.2.5:*:*:*:*:wordpress:*:*", "matchCriteriaId": "6A70B3E3-E222-4980-BB89-3D031C9152DE" }, { "vulnerable": true, "criteria": "cpe:2.3:a:automattic:jetpack:2.3:*:*:*:*:wordpress:*:*", "matchCriteriaId": "61DAD647-51F5-41A9-9E7A-4E29AF14CE0D" }, { "vulnerable": true, "criteria": "cpe:2.3:a:automattic:jetpack:2.3.1:*:*:*:*:wordpress:*:*", "matchCriteriaId": "9942C264-5C4B-4046-B3C7-F3CA95BFA2B7" }, { "vulnerable": true, "criteria": "cpe:2.3:a:automattic:jetpack:2.3.2:*:*:*:*:wordpress:*:*", "matchCriteriaId": "43FA2519-9D13-4EC3-B43C-E8E334192B7F" }, { "vulnerable": true, "criteria": "cpe:2.3:a:automattic:jetpack:2.3.3:*:*:*:*:wordpress:*:*", "matchCriteriaId": "4F24E0A1-F7FC-4679-AD0F-BCAD09F039D3" }, { "vulnerable": true, "criteria": "cpe:2.3:a:automattic:jetpack:2.3.4:*:*:*:*:wordpress:*:*", "matchCriteriaId": "63D784CB-AF36-480C-BD39-575EFA2174ED" }, { "vulnerable": true, "criteria": "cpe:2.3:a:automattic:jetpack:2.3.5:*:*:*:*:wordpress:*:*", "matchCriteriaId": "E10444B2-17DC-476C-9D25-4E4E4F857BD3" }, { "vulnerable": true, "criteria": "cpe:2.3:a:automattic:jetpack:2.4:*:*:*:*:wordpress:*:*", "matchCriteriaId": "CE26F4B0-4125-45A4-9942-3F4B4A4FD5EE" }, { "vulnerable": true, "criteria": "cpe:2.3:a:automattic:jetpack:2.4.1:*:*:*:*:wordpress:*:*", "matchCriteriaId": "741CF1D7-5CF3-4A80-9E67-3994AB8F0819" }, { "vulnerable": true, "criteria": "cpe:2.3:a:automattic:jetpack:2.4.2:*:*:*:*:wordpress:*:*", "matchCriteriaId": "E0EBB7A8-7CA1-4B21-8CB7-1BCAACDE0023" }, { "vulnerable": true, "criteria": "cpe:2.3:a:automattic:jetpack:2.5:*:*:*:*:wordpress:*:*", "matchCriteriaId": "2A8B3F25-4ED3-4AFA-8DD5-452D0DB04AD4" }, { "vulnerable": true, "criteria": "cpe:2.3:a:automattic:jetpack:2.6:*:*:*:*:wordpress:*:*", "matchCriteriaId": "FD46AF5F-ED2B-4398-89EB-72C3BBDDB738" }, { "vulnerable": true, "criteria": "cpe:2.3:a:automattic:jetpack:2.6.1:*:*:*:*:wordpress:*:*", "matchCriteriaId": "3F19C429-7B02-4A3B-AEDD-F96C9A09C626" }, { "vulnerable": true, "criteria": "cpe:2.3:a:automattic:jetpack:2.7:*:*:*:*:wordpress:*:*", "matchCriteriaId": "30163557-FBC3-4DFD-BDBC-1DCE2DE651DA" }, { "vulnerable": true, "criteria": "cpe:2.3:a:automattic:jetpack:2.8:*:*:*:*:wordpress:*:*", "matchCriteriaId": "80D0896F-2EF5-44BA-A346-F55240DE4024" }, { "vulnerable": true, "criteria": "cpe:2.3:a:automattic:jetpack:2.9:*:*:*:*:wordpress:*:*", "matchCriteriaId": "12E69FA4-004C-4F02-9151-4652D2A317CA" }, { "vulnerable": true, "criteria": "cpe:2.3:a:automattic:jetpack:2.9.1:*:*:*:*:wordpress:*:*", "matchCriteriaId": "234DDD15-11B2-4CEF-8CF2-A4A9B35C4069" }, { "vulnerable": true, "criteria": "cpe:2.3:a:automattic:jetpack:2.9.2:*:*:*:*:wordpress:*:*", "matchCriteriaId": "09018C46-240E-4496-8F9B-AC2D7FF912DD" }, { "vulnerable": true, "criteria": "cpe:2.3:a:automattic:jetpack:2.9.3:*:*:*:*:wordpress:*:*", "matchCriteriaId": "D4981064-C981-4E52-9819-A00779873A74" } ] } ] } ], "references": [ { "url": "http://jetpack.me/2014/04/10/jetpack-security-update/", "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ] }, { "url": "http://secunia.com/advisories/57729", "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ] }, { "url": "http://www.securityfocus.com/bid/66789", "source": "secalert@redhat.com" }, { "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92560", "source": "secalert@redhat.com" }, { "url": "http://jetpack.me/2014/04/10/jetpack-security-update/", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ] }, { "url": "http://secunia.com/advisories/57729", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ] }, { "url": "http://www.securityfocus.com/bid/66789", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92560", "source": "af854a3a-2127-422b-91ae-364da2661108" } ] }