Cygnux sysPass version 2.1.7 and older is vulnerable to a Local File Inclusion in the functionality of javascript files inclusion. The attacker can read the configuration files that contain the login and password from the database, private encryption key, as well as other sensitive information.
References
Link | Resource |
---|---|
https://github.com/nuxsmin/sysPass/releases/tag/2.1.8.17042901 | Release Notes Third Party Advisory |
Configurations
History
No history.
Information
Published : 2017-11-17 17:29
Updated : 2024-02-28 16:04
NVD link : CVE-2017-1000192
Mitre link : CVE-2017-1000192
CVE.ORG link : CVE-2017-1000192
JSON object : View
Products Affected
cygnux
- syspass
CWE