René Helmke 7791f18b51 bootstrap
2023-05-16 16:09:41 +02:00


{
"id": "CVE-2017-12677",
"sourceIdentifier": "cve@mitre.org",
"published": "2017-08-08T01:34:00.033",
"lastModified": "2017-08-16T14:53:53.347",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "IdentityServer3 2.4.x, 2.5.x, and 2.6.x before 2.6.1 has XSS in an Angular expression on the authorize response page, which might allow remote attackers to obtain sensitive information about the IdentityServer authorization response."
},
{
"lang": "es",
"value": "IdentityServer3 2.4.x, 2.5.x, y 2.6.x en las versiones anteriores a 2.6.1 tiene una vulnerabilidad de tipo Cross-Site Scripting (XSS) en una expresi\u00f3n angular en la p\u00e1gina de respuesta de autorizaci\u00f3n. Esto podr\u00eda permitir que atacantes remotos consigan informaci\u00f3n sensible sobre la respuesta de autorizaci\u00f3n IdentityServer."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"accessVector": "NETWORK",
"accessComplexity": "MEDIUM",
"authentication": "NONE",
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"availabilityImpact": "NONE",
"baseScore": 4.3
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": true
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:identityserver:identityserver3:2.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5FF405C9-6A11-4C7D-90B9-F8A5BDD0FAC3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:identityserver:identityserver3:2.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CC186893-6E04-43D5-8084-6EDE5F93F28C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:identityserver:identityserver3:2.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1D1419C7-0715-4D76-8782-98ACBA213FC4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:identityserver:identityserver3:2.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B0399752-06F5-4B8E-AE29-028C628C3748"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:identityserver:identityserver3:2.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "359AD70A-EFAC-4F4F-9AE3-AC155BDA9A67"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:identityserver:identityserver3:2.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AAD2B612-6047-4ACB-A5A5-801CDC5E012A"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/IdentityServer/IdentityServer3/releases/tag/2.6.1",
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}