Cygnux sysPass version 2.1.7 and older is vulnerable to a Local File Inclusion in the functionality of javascript files inclusion. The attacker can read the configuration files that contain the login and password from the database, private encryption key, as well as other sensitive information.
References
Link | Resource |
---|---|
https://github.com/nuxsmin/sysPass/releases/tag/2.1.8.17042901 | Release Notes Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2022-10-03T16:23:10
Updated: 2022-10-03T16:23:10
Reserved: 2022-10-03T00:00:00
Link: CVE-2017-1000192
JSON object: View
NVD Information
Status : Analyzed
Published: 2017-11-17T17:29:00.257
Modified: 2019-10-03T00:03:26.223
Link: CVE-2017-1000192
JSON object: View
Redhat Information
No data.
CWE