CVE-2014-4987

server_user_groups.php in phpMyAdmin 4.1.x before 4.1.14.2 and 4.2.x before 4.2.6 allows remote authenticated users to bypass intended access restrictions and read the MySQL user list via a viewUsers request.

CVSS v2.0 4.0 MEDIUM

4.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:S/C:P/I:N/A:N

Exploitability : 8.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://lists.opensuse.org/opensuse-updates/2014-08/msg00045.html	Third Party Advisory
http://secunia.com/advisories/60397	Permissions Required
http://www.phpmyadmin.net/home_page/security/PMASA-2014-7.php	Vendor Advisory
http://www.securityfocus.com/bid/68804
https://github.com/phpmyadmin/phpmyadmin/commit/395265e9937beb21134626c01a21f44b28e712e5
https://security.gentoo.org/glsa/201505-03
http://lists.opensuse.org/opensuse-updates/2014-08/msg00045.html	Third Party Advisory
http://secunia.com/advisories/60397	Permissions Required
http://www.phpmyadmin.net/home_page/security/PMASA-2014-7.php	Vendor Advisory
http://www.securityfocus.com/bid/68804
https://github.com/phpmyadmin/phpmyadmin/commit/395265e9937beb21134626c01a21f44b28e712e5
https://security.gentoo.org/glsa/201505-03

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:opensuse:opensuse:12.3:::::::*
	cpe:2.3:o:opensuse:opensuse:13.1:::::::*

Configuration 2 (hide)

OR	cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.0:::::::*
	cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.1:::::::*
	cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.2:::::::*
	cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.3:::::::*
	cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.4:::::::*
	cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.5:::::::*
	cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.6:::::::*
	cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.7:::::::*
	cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.8:::::::*
	cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.9:::::::*
	cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.10:::::::*
	cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.11:::::::*
	cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.12:::::::*
	cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.13:::::::*
	cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.14:::::::*
	cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.14.1:::::::*
	cpe:2.3:a:phpmyadmin:phpmyadmin:4.2.0:::::::*
	cpe:2.3:a:phpmyadmin:phpmyadmin:4.2.1:::::::*
	cpe:2.3:a:phpmyadmin:phpmyadmin:4.2.2:::::::*
	cpe:2.3:a:phpmyadmin:phpmyadmin:4.2.3:::::::*
	cpe:2.3:a:phpmyadmin:phpmyadmin:4.2.4:::::::*
	cpe:2.3:a:phpmyadmin:phpmyadmin:4.2.5:::::::*

History

21 Nov 2024, 02:11

Type	Values Removed	Values Added
References	~~() http://lists.opensuse.org/opensuse-updates/2014-08/msg00045.html - Third Party Advisory~~	() http://lists.opensuse.org/opensuse-updates/2014-08/msg00045.html - Third Party Advisory
References	~~() http://secunia.com/advisories/60397 - Permissions Required~~	() http://secunia.com/advisories/60397 - Permissions Required
References	~~() http://www.phpmyadmin.net/home_page/security/PMASA-2014-7.php - Vendor Advisory~~	() http://www.phpmyadmin.net/home_page/security/PMASA-2014-7.php - Vendor Advisory
References	~~() http://www.securityfocus.com/bid/68804 -~~	() http://www.securityfocus.com/bid/68804 -
References	~~() https://github.com/phpmyadmin/phpmyadmin/commit/395265e9937beb21134626c01a21f44b28e712e5 -~~	() https://github.com/phpmyadmin/phpmyadmin/commit/395265e9937beb21134626c01a21f44b28e712e5 -
References	~~() https://security.gentoo.org/glsa/201505-03 -~~	() https://security.gentoo.org/glsa/201505-03 -

Information

Published : 2014-07-20 11:12

Updated : 2024-11-21 02:11

NVD link : CVE-2014-4987

Mitre link : CVE-2014-4987

CVE.ORG link : CVE-2014-4987

JSON object : View

Products Affected

opensuse

opensuse

phpmyadmin

phpmyadmin

CWE

CWE-264

Permissions, Privileges, and Access Controls

4.0 /10