CVE-2017-0907

Published Nov 13, 2017
Last updated 5 years ago
CVSS critical 9.8
Overview

Description: The Recurly Client .NET Library before 1.0.1, 1.1.10, 1.2.8, 1.3.2, 1.4.14, 1.5.3, 1.6.2, 1.7.1, 1.8.1 is vulnerable to a Server-Side Request Forgery vulnerability due to incorrect use of "Uri.EscapeUriString" that could result in compromise of API keys or other critical resources.
Source: support@hackerone.com
NVD status: Modified
Risk scores

CVSS 3.0

Type: Primary
Base score: 9.8
Impact score: 5.9
Exploitability score: 3.9
Vector string: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL
CVSS 2.0

Type: Primary
Base score: 7.5
Impact score: 6.4
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:P/A:P
Weaknesses

nvd@nist.gov: CWE-918
support@hackerone.com: CWE-918
Hype score: Not currently trending
Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:recurly:recurly_client_.net:1.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "22F2D2A1-3C64-4CAA-B2A2-C254C95A49C1"
          },
          {
            "criteria": "cpe:2.3:a:recurly:recurly_client_.net:1.0.0:beta1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E3DDFA06-B2FD-4AB9-8423-4C76BC9FAE8D"
          },
          {
            "criteria": "cpe:2.3:a:recurly:recurly_client_.net:1.0.0:beta2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5EA7A613-E55F-49EB-87E8-9CB83EF3DDA7"
          },
          {
            "criteria": "cpe:2.3:a:recurly:recurly_client_.net:1.0.0:beta3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4765C91E-5DCB-4B54-AD73-907CC374C7A0"
          },
          {
            "criteria": "cpe:2.3:a:recurly:recurly_client_.net:1.0.0:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "95C307C3-F550-49A3-9FD5-2418AB484C4A"
          },
          {
            "criteria": "cpe:2.3:a:recurly:recurly_client_.net:1.0.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2FA86E3D-2D2C-4750-8BBC-0EAE302DF47B"
          },
          {
            "criteria": "cpe:2.3:a:recurly:recurly_client_.net:1.0.0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C3802F42-F46A-4BB6-B8C7-7625E2846488"
          },
          {
            "criteria": "cpe:2.3:a:recurly:recurly_client_.net:1.0.0.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "66235403-14C1-4AF5-AB74-748B95E85CD7"
          },
          {
            "criteria": "cpe:2.3:a:recurly:recurly_client_.net:1.0.0.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2D8A19AA-7D3C-416F-BBFC-5A91DAB6583D"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:recurly:recurly_client_.net:1.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "15DDF496-99E4-4330-B064-5FBB58E36D64"
          },
          {
            "criteria": "cpe:2.3:a:recurly:recurly_client_.net:1.1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "46A04580-65DE-4D17-9195-E5B83C9F498C"
          },
          {
            "criteria": "cpe:2.3:a:recurly:recurly_client_.net:1.1.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "48E14FE3-8E6A-4F4F-83FB-792BCBA320C7"
          },
          {
            "criteria": "cpe:2.3:a:recurly:recurly_client_.net:1.1.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C4082835-F0C2-4580-ACBE-80E0F7CB0E0E"
          },
          {
            "criteria": "cpe:2.3:a:recurly:recurly_client_.net:1.1.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AC035AE8-1922-406B-86C2-25FE8C132A45"
          },
          {
            "criteria": "cpe:2.3:a:recurly:recurly_client_.net:1.1.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E9F7A853-7A45-4B0A-A800-716065682ECC"
          },
          {
            "criteria": "cpe:2.3:a:recurly:recurly_client_.net:1.1.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9A9989A7-8F01-43DE-8811-2B132829AE9F"
          },
          {
            "criteria": "cpe:2.3:a:recurly:recurly_client_.net:1.1.9:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5E128EAA-909C-41C2-A4B1-517A7BE79881"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:recurly:recurly_client_.net:1.2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4E9608C6-524B-4511-91CD-4B30E482B1AD"
          },
          {
            "criteria": "cpe:2.3:a:recurly:recurly_client_.net:1.2.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "58CF4244-145B-4C16-AC5E-9C2286E10E2C"
          },
          {
            "criteria": "cpe:2.3:a:recurly:recurly_client_.net:1.2.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C63D2400-E9D2-4FA2-AB6F-ECA8809CF4B6"
          },
          {
            "criteria": "cpe:2.3:a:recurly:recurly_client_.net:1.2.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "930D66DD-FD21-4E5E-8502-21489B74E32E"
          },
          {
            "criteria": "cpe:2.3:a:recurly:recurly_client_.net:1.2.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FC8642A6-8181-4B76-8E1F-2FF0420B2AD9"
          },
          {
            "criteria": "cpe:2.3:a:recurly:recurly_client_.net:1.2.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3B780FA8-EA5E-4D4E-A9D7-40963AB676F7"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:recurly:recurly_client_.net:1.3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F76037C8-C915-491E-BDDE-E69C7720C898"
          },
          {
            "criteria": "cpe:2.3:a:recurly:recurly_client_.net:1.3.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1604EB87-941B-490E-B7CD-0827D7DB0382"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:recurly:recurly_client_.net:1.4.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4AAD3042-2278-4B7F-B1F3-FFEEB8406C29"
          },
          {
            "criteria": "cpe:2.3:a:recurly:recurly_client_.net:1.4.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BFFB2017-5596-41BD-A6B1-2C947CF6269C"
          },
          {
            "criteria": "cpe:2.3:a:recurly:recurly_client_.net:1.4.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8C7ABDA3-A5F5-4830-A245-1AF2923D81B2"
          },
          {
            "criteria": "cpe:2.3:a:recurly:recurly_client_.net:1.4.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E4B36C09-CA2A-4F2E-A3CA-7E5A1D2ECB8C"
          },
          {
            "criteria": "cpe:2.3:a:recurly:recurly_client_.net:1.4.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9E8DB124-C085-4C82-9B0C-9B50180FE1D6"
          },
          {
            "criteria": "cpe:2.3:a:recurly:recurly_client_.net:1.4.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4B638025-55AF-4E10-8689-1934F393EACD"
          },
          {
            "criteria": "cpe:2.3:a:recurly:recurly_client_.net:1.4.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F7C753D4-1973-4A6B-BDCF-859A265E2693"
          },
          {
            "criteria": "cpe:2.3:a:recurly:recurly_client_.net:1.4.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6F8D5C9E-97DD-43BE-BEF3-389EF3A26684"
          },
          {
            "criteria": "cpe:2.3:a:recurly:recurly_client_.net:1.4.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1F875658-9A48-4E5B-9B02-8481A0F6DA98"
          },
          {
            "criteria": "cpe:2.3:a:recurly:recurly_client_.net:1.4.9:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B73B2B38-8C74-47B7-93FF-5C165776A9B2"
          },
          {
            "criteria": "cpe:2.3:a:recurly:recurly_client_.net:1.4.10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9E021CE8-FCA0-48F5-B8A1-B0B1F2F82A12"
          },
          {
            "criteria": "cpe:2.3:a:recurly:recurly_client_.net:1.4.11:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "77E1780C-E158-494F-B13A-283CA1AEDEC8"
          },
          {
            "criteria": "cpe:2.3:a:recurly:recurly_client_.net:1.4.12:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C3873854-6D94-4864-8334-1546D9222638"
          },
          {
            "criteria": "cpe:2.3:a:recurly:recurly_client_.net:1.4.13:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FF70745E-F60D-4187-B88F-42F85A910AC4"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:recurly:recurly_client_.net:1.5.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AC33AF32-C64D-49EE-82FA-DB8F84581DD8"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:recurly:recurly_client_.net:1.6.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A25ED87A-E450-453E-A9A9-F11C36665BA8"
          },
          {
            "criteria": "cpe:2.3:a:recurly:recurly_client_.net:1.6.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C0BB8A73-CA7E-482E-B30C-E6E40DC2D864"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:recurly:recurly_client_.net:1.7.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "79B6C617-FED1-4303-A38A-6FD791DA059C"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:recurly:recurly_client_.net:1.8.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "97CE0391-24BA-4AAF-B600-2B153D95F272"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]
Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References
