PT-2017-10889 · Cygnux · Syspass
Artem
·
Published
2017-11-17
·
Updated
2019-10-03
·
CVE-2017-1000192
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Cygnux sysPass versions 2.1.7 and older
Description
The issue allows for Local File Inclusion in the functionality of javascript files inclusion, enabling an attacker to read sensitive information such as configuration files containing database login and password, private encryption key, and other sensitive data.
Recommendations
For Cygnux sysPass versions 2.1.7 and older, update to a version newer than 2.1.7 to resolve the issue.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Syspass