CVE-2017-7552 - OpenCVE

A flaw was discovered in the file editor of millicore, affecting versions before 3.19.0 and 4.x before 4.5.0, which allows files to be executed as well as created. An attacker could use this flaw to compromise other users or teams projects stored in source control management of the RHMAP Core installation.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Redhat	Mobile Application Platform

Configuration 1 [-]

cpe:2.3:a:redhat:mobile_application_platform:*:*:*:*:*:*:*:*

References

Link	Resource
https://access.redhat.com/errata/RHSA-2017:2674
https://access.redhat.com/errata/RHSA-2017:2675
https://bugzilla.redhat.com/show_bug.cgi?id=1477797	Issue Tracking

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2017-09-28T20:00:00

Updated: 2017-12-30T10:57:01

Reserved: 2017-04-05T00:00:00

Link: CVE-2017-7552

JSON object: View

NVD Information

Status : Modified

Published: 2017-09-29T01:34:50.373

Modified: 2019-10-03T00:03:26.223

Link: CVE-2017-7552

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-noinfo

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2017-09-18T00:00:00", "descriptions": [{"lang": "en", "value": "A flaw was discovered in the file editor of millicore, affecting versions before 3.19.0 and 4.x before 4.5.0, which allows files to be executed as well as created. An attacker could use this flaw to compromise other users or teams projects stored in source control management of the RHMAP Core installation."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-12-30T10:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "RHSA-2017:2674", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2017:2674"}, {"name": "RHSA-2017:2675", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2017:2675"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1477797"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2017-7552", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A flaw was discovered in the file editor of millicore, affecting versions before 3.19.0 and 4.x before 4.5.0, which allows files to be executed as well as created. An attacker could use this flaw to compromise other users or teams projects stored in source control management of the RHMAP Core installation."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "RHSA-2017:2674", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2674"}, {"name": "RHSA-2017:2675", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2675"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1477797", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1477797"}]}}}}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2017-7552", "datePublished": "2017-09-28T20:00:00", "dateReserved": "2017-04-05T00:00:00", "dateUpdated": "2017-12-30T10:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:mobile_application_platform:*:*:*:*:*:*:*:*", "matchCriteriaId": "E67D227E-8AAE-4C87-8318-B6E465CA44CF", "versionEndIncluding": "4.4.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A flaw was discovered in the file editor of millicore, affecting versions before 3.19.0 and 4.x before 4.5.0, which allows files to be executed as well as created. An attacker could use this flaw to compromise other users or teams projects stored in source control management of the RHMAP Core installation."}, {"lang": "es", "value": "Se ha descubierto una vulnerabilidad en el editor de archivos de milicore que afecta a las versiones anteriores a la 3.19.0 y a las versiones 4.x anteriores a la 4.5.0, lo que permite que los archivos se ejecuten y se creen. Un atacante podr\u00eda aprovechar esta vulnerabilidad para comprometer otros proyectos de usuarios o equipos almacenados en el sistema de control de c\u00f3digo fuente (SCM) de la instalaci\u00f3n RHMAP Core."}], "id": "CVE-2017-7552", "lastModified": "2019-10-03T00:03:26.223", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-09-29T01:34:50.373", "references": [{"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2017:2674"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2017:2675"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1477797"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}