6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
0.017 Low
EPSS
Percentile
87.7%
Issue Overview:
Transmission relies on X-Transmission-Session-Id (which is not a forbidden header for Fetch) for access control, which allows remote attackers to execute arbitrary RPC commands, and consequently write to arbitrary files, via POST requests to /transmission/rpc in conjunction with a DNS rebinding attack. (CVE-2018-5702)
Affected Packages:
transmission
Issue Correction:
Run yum update transmission to update your system.
New Packages:
i686:
transmission-cli-2.92-11.12.amzn1.i686
transmission-2.92-11.12.amzn1.i686
transmission-common-2.92-11.12.amzn1.i686
transmission-daemon-2.92-11.12.amzn1.i686
transmission-debuginfo-2.92-11.12.amzn1.i686
src:
transmission-2.92-11.12.amzn1.src
x86_64:
transmission-2.92-11.12.amzn1.x86_64
transmission-common-2.92-11.12.amzn1.x86_64
transmission-debuginfo-2.92-11.12.amzn1.x86_64
transmission-cli-2.92-11.12.amzn1.x86_64
transmission-daemon-2.92-11.12.amzn1.x86_64
Red Hat: CVE-2018-5702
Mitre: CVE-2018-5702
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
0.017 Low
EPSS
Percentile
87.7%