CVE-2017-18430

Published Aug 2, 2019

Last updated 5 years ago

CVSS medium 4.7

Overview

Description: In cPanel before 66.0.2, user and group ownership may be incorrectly set when using reassign_post_terminate_cruft (SEC-294).
Source: cve@mitre.org
NVD status: Analyzed

Risk scores

CVSS 3.0

Type: Primary
Base score: 4.7
Impact score: 3.4
Exploitability score: 1.2
Vector string: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
Severity: MEDIUM

CVSS 2.0

Type: Primary
Base score: 4.6
Impact score: 6.4
Exploitability score: 3.9
Vector string: AV:L/AC:L/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-20

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CB86F18E-DCE6-4780-9A4D-A95E1C44AD2B",
            "versionEndExcluding": "56.0.51",
            "versionStartIncluding": "55.9999.61"
          },
          {
            "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4E1655B2-A0F5-48FD-9A8C-03129C02A2DE",
            "versionEndExcluding": "58.0.52",
            "versionStartIncluding": "57.9999.48"
          },
          {
            "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EDBFF216-2F0A-48F8-9A4D-63179DFACD53",
            "versionEndExcluding": "60.0.45",
            "versionStartIncluding": "59.9999.58"
          },
          {
            "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2F646E95-64DD-4F95-9CF2-DD02A8E15931",
            "versionEndExcluding": "62.0.27",
            "versionStartIncluding": "61.9999.55"
          },
          {
            "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "64EC469B-7352-479A-B1A2-A8564B979477",
            "versionEndExcluding": "64.0.33",
            "versionStartIncluding": "63.9999.74"
          },
          {
            "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "53F31B57-361E-4D48-AF91-85DFA98D0011",
            "versionEndExcluding": "66.0.2",
            "versionStartIncluding": "65.9999.38"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References