Lucene search

PRIOn knowledge basePRION:CVE-2017-7178

HistoryMar 18, 2017 - 8:59 p.m.

Cross site request forgery (csrf)

2017-03-1820:59:00

PRIOn knowledge base

www.prio-n.com

8.4 High

AI Score

Confidence

High

0.01 Low

EPSS

Percentile

83.7%

JSON

CSRF was discovered in the web UI in Deluge before 1.3.14. The exploitation methodology involves (1) hosting a crafted plugin that executes an arbitrary program from its init.py file and (2) causing the victim to download, install, and enable this plugin.

CPENameOperatorVersion
debian_linuxeq8.0
delugelt1.3.14

CPE	Name	Operator	Version
	debian_linux	eq	8.0
	deluge	lt	1.3.14

References

dev.deluge-torrent.org/wiki/ReleaseNotes/1.3.14

git.deluge-torrent.org/deluge/commit/?h=1.3-stable&id=318ab179865e0707d7945edc3a13a464a108d583

git.deluge-torrent.org/deluge/commit/?h=develop&id=11e8957deaf0c76fdfbac62d99c8b6c61cfdddf9

seclists.org/fulldisclosure/2017/Mar/6

www.debian.org/security/2017/dsa-3856

www.securityfocus.com/bid/97041

bugs.debian.org/857903

security.gentoo.org/glsa/201703-06