CVE-2017-15052

{"id": "CVE-2017-15052", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 4.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.2}]}, "published": "2017-11-27T19:29:00.267", "references": [{"url": "http://blog.amossys.fr/teampass-multiple-cve-01.html", "tags": ["Exploit", "Technical Description", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/nilsteampassnet/TeamPass/commit/8f2d51dd6c24f76e4f259d0df22cff9b275f2dd1", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://blog.amossys.fr/teampass-multiple-cve-01.html", "tags": ["Exploit", "Technical Description", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/nilsteampassnet/TeamPass/commit/8f2d51dd6c24f76e4f259d0df22cff9b275f2dd1", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-269"}]}], "descriptions": [{"lang": "en", "value": "TeamPass before 2.1.27.9 does not properly enforce manager access control when requesting users.queries.php. It is then possible for a manager user to delete an arbitrary user (including admin), or modify attributes of any arbitrary user except administrator. To exploit the vulnerability, an authenticated attacker must have the manager rights on the application, then tamper with the requests sent directly, for example by changing the \"id\" parameter when invoking \"delete_user\" on users.queries.php."}, {"lang": "es", "value": "Las versiones anteriores a la 2.1.27.9 de TeamPass no aplican correctamente el control de acceso de managers al solicitar users.queries.php. En ese caso, es posible que un usuario manager elimine un usuario arbitrario (incluyendo a un administrador) o que modifique atributos de cualquier usuario arbitrario excepto un administrador. Para explotar la vulnerabilidad, un atacante autenticado debe tener los derechos de manager de la aplicaci\u00f3n y alterar las peticiones enviadas directamente, por ejemplo cambiando el par\u00e1metro \"id\" al invocar \"delete_user\" en users.queries.php."}], "lastModified": "2024-11-21T03:14:00.870", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:teampass:teampass:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "35D9C25C-1C7F-404B-B27E-00B1BC77A868", "versionEndExcluding": "2.1.27.9"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}