
{
"id": "CVE-2018-1000133",
"sourceIdentifier": "cve@mitre.org",
"published": "2018-03-16T14:29:44.847",
"lastModified": "2019-10-03T00:03:26.223",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Pitchfork version 1.4.6 RC1 contains an Improper Privilege Management vulnerability in Trident Pitchfork components that can result in a standard unprivileged user gaining system administrator permissions within the web portal. This attack appears to be exploitable by a user who is able to log in: such a user could edit their profile and set the \"System Administrator\" permission to \"yes\" on themselves. This vulnerability appears to have been fixed in 1.4.6 RC2."
},
{
"lang": "es",
"value": "Pitchfork, en su versi\u00f3n 1.4.6 RC1, contiene una vulnerabilidad de gesti\u00f3n incorrecta de privilegios en los componentes Trident Pitchfork que puede resultar en que un usuario est\u00e1ndar sin privilegios obtenga permisos de administrador en el portal web. El usuario debe ser capaz de iniciar sesi\u00f3n y podr\u00eda editar su perfil y establecer el permiso \"System Administrator\" en \"yes\" para s\u00ed mismo. La vulnerabilidad parece haber sido solucionada en la versi\u00f3n 1.4.6 RC2."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "MEDIUM",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 6.0
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 6.8,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-269"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:secluded:trident:1.4.6:rc1:*:*:*:*:*:*",
"matchCriteriaId": "52F21E24-C1E2-4E41-B00C-FB5441CCD7CF"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/tridentli/pitchfork/commit/33549f15707801099e1253dd5e79369bd48eb59b",
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
]
},
{
"url": "https://github.com/tridentli/pitchfork/commit/9fd07cbe4f93e1367e142016e9a205366680dd54",
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
]
},
{
"url": "https://github.com/tridentli/pitchfork/issues/168",
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
]
},
{
"url": "https://github.com/tridentli/trident/releases/tag/DEV_1.4.6-RC2",
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://thomas-ward.net/security-advisories/trident-trusted-communications-platform-privilege-escalation-issue-advisory/",
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}