Lucene search

K

GoogleOSV:CVE-2017-7178

HistoryMar 18, 2017 - 8:59 p.m.

CVE-2017-7178

2017-03-1820:59:00

Google

osv.dev

8

8.5 High

AI Score

Confidence

High

0.01 Low

EPSS

Percentile

83.7%

CSRF was discovered in the web UI in Deluge before 1.3.14. The exploitation methodology involves (1) hosting a crafted plugin that executes an arbitrary program from its init.py file and (2) causing the victim to download, install, and enable this plugin.

References

dev.deluge-torrent.org/wiki/ReleaseNotes/1.3.14

git.deluge-torrent.org/deluge/commit/?h=1.3-stable&id=318ab179865e0707d7945edc3a13a464a108d583

git.deluge-torrent.org/deluge/commit/?h=develop&id=11e8957deaf0c76fdfbac62d99c8b6c61cfdddf9

seclists.org/fulldisclosure/2017/Mar/6

www.debian.org/security/2017/dsa-3856

www.securityfocus.com/bid/97041

bugs.debian.org/857903

security.gentoo.org/glsa/201703-06

8.5 High

AI Score

Confidence

High

0.01 Low

EPSS

Percentile

83.7%

Related for OSV:CVE-2017-7178

gentoo1 debian2 debiancve1 cve1 cvelist1 nessus4 ubuntucve1 osv2 openvas4 prion1 nvd1 suse1