CVE-2017-2097

Published Apr 28, 2017

Last updated 5 years ago

CVSS high 8.8

Overview

Description: Cross-site request forgery (CSRF) vulnerability in Knowledge versions prior to v1.7.0 allows remote attackers to hijack the authentication of administrators via unspecified vectors.
Source: vultures@jpcert.or.jp
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 8.8
Impact score: 5.9
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 6.8
Impact score: 6.4
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-352

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:support-project:knowledge:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BEC7F9E8-B385-4A21-9B6A-8011289815CE",
            "versionEndIncluding": "1.4.1"
          },
          {
            "criteria": "cpe:2.3:a:support-project:knowledge:1.5.0:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4C2C153A-43A9-4A40-88E3-118BB61FFAC1"
          },
          {
            "criteria": "cpe:2.3:a:support-project:knowledge:1.5.0:pre1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FB0546EB-C968-4F59-B929-76A3E76F0EF7"
          },
          {
            "criteria": "cpe:2.3:a:support-project:knowledge:1.6.0:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4275BCDB-0E9C-4EB7-A821-0AFBB5D41C85"
          },
          {
            "criteria": "cpe:2.3:a:support-project:knowledge:1.6.0:pre1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9DACD55B-9F2E-4F4C-B94F-A7304ED3633D"
          },
          {
            "criteria": "cpe:2.3:a:support-project:knowledge:1.6.0:pre2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B5392E32-B41C-4A44-B889-FAEE16FAD349"
          },
          {
            "criteria": "cpe:2.3:a:support-project:knowledge:1.6.0:pre3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6D18F3AD-03B4-482D-B445-DA2719D3E9B7"
          },
          {
            "criteria": "cpe:2.3:a:support-project:knowledge:1.6.0:pre4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6BD07C49-822D-4B3F-B468-D6E187B0CA3E"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References