CVE-2017-20052
Python pgAdmin4 uncontrolled search path
Severity Score
7.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
A vulnerability classified as problematic was found in Python 2.7.13. This vulnerability affects unknown code of the component pgAdmin4. The manipulation leads to uncontrolled search path. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Se ha encontrado una vulnerabilidad clasificada como problemática en Python versión 2.7.13. Esta vulnerabilidad afecta a código desconocido del componente pgAdmin4. La manipulación conlleva una ruta de búsqueda no controlada. El ataque puede iniciarse de forma remota. La explotación ha sido revelada al público y puede ser usada
*Credits:
Karn Ganeshen
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2022-06-13 CVE Reserved
- 2022-06-16 CVE Published
- 2024-08-05 CVE Updated
- 2024-08-05 First Exploit
- 2024-09-07 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-427: Uncontrolled Search Path Element
CAPEC
References (3)
URL | Tag | Source |
---|---|---|
https://security.netapp.com/advisory/ntap-20220804-0005 | Third Party Advisory | |
https://vuldb.com/?id.97822 | Third Party Advisory |
URL | Date | SRC |
---|---|---|
http://seclists.org/fulldisclosure/2017/Feb/92 | 2024-08-05 |
URL | Date | SRC |
---|
URL | Date | SRC |
---|