cve-2017-10679
Vulnerability from cvelistv5
Published
2017-06-29 21:00
Modified
2024-08-05 17:41
Severity ?
Summary
Piwigo through 2.9.1 allows remote attackers to obtain sensitive information about the descriptive name of a permalink by examining the redirect URL that is returned in a request for the permalink ID number of a private album. The permalink ID numbers are easily guessed.
References
cve@mitre.orghttp://www.securityfocus.com/bid/99380
cve@mitre.orghttps://github.com/Piwigo/Piwigo/issues/721Exploit, Issue Tracking, Patch, Third Party Advisory
cve@mitre.orghttps://github.com/Piwigo/Piwigo/issues/723Issue Tracking, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/99380
af854a3a-2127-422b-91ae-364da2661108https://github.com/Piwigo/Piwigo/issues/721Exploit, Issue Tracking, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/Piwigo/Piwigo/issues/723Issue Tracking, Patch, Third Party Advisory
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T17:41:55.552Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "99380",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/99380"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/Piwigo/Piwigo/issues/721"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/Piwigo/Piwigo/issues/723"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-06-29T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Piwigo through 2.9.1 allows remote attackers to obtain sensitive information about the descriptive name of a permalink by examining the redirect URL that is returned in a request for the permalink ID number of a private album. The permalink ID numbers are easily guessed."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-05T09:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "99380",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/99380"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/Piwigo/Piwigo/issues/721"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/Piwigo/Piwigo/issues/723"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-10679",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Piwigo through 2.9.1 allows remote attackers to obtain sensitive information about the descriptive name of a permalink by examining the redirect URL that is returned in a request for the permalink ID number of a private album. The permalink ID numbers are easily guessed."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "99380",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/99380"
            },
            {
              "name": "https://github.com/Piwigo/Piwigo/issues/721",
              "refsource": "CONFIRM",
              "url": "https://github.com/Piwigo/Piwigo/issues/721"
            },
            {
              "name": "https://github.com/Piwigo/Piwigo/issues/723",
              "refsource": "CONFIRM",
              "url": "https://github.com/Piwigo/Piwigo/issues/723"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-10679",
    "datePublished": "2017-06-29T21:00:00",
    "dateReserved": "2017-06-29T00:00:00",
    "dateUpdated": "2024-08-05T17:41:55.552Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2017-10679\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2017-06-29T21:29:00.237\",\"lastModified\":\"2024-11-21T03:06:16.933\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Piwigo through 2.9.1 allows remote attackers to obtain sensitive information about the descriptive name of a permalink by examining the redirect URL that is returned in a request for the permalink ID number of a private album. The permalink ID numbers are easily guessed.\"},{\"lang\":\"es\",\"value\":\"Piwigo hasta la versi\u00f3n 2.9.1 permite que atacantes remotos obtengan informaci\u00f3n sensible sobre el nombre descriptivo de un v\u00ednculo permanente examinando la URL de redirecci\u00f3n que se devuelve en una petici\u00f3n para el n\u00famero de ID del v\u00ednculo permanente de un \u00e1lbum privado. Los n\u00fameros de ID del v\u00ednculo permanente se adivinan f\u00e1cilmente.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-200\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:piwigo:piwigo:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.9.1\",\"matchCriteriaId\":\"5D356328-15B0-4402-94E6-8C16E09EB088\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/99380\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://github.com/Piwigo/Piwigo/issues/721\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/Piwigo/Piwigo/issues/723\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/99380\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://github.com/Piwigo/Piwigo/issues/721\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/Piwigo/Piwigo/issues/723\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.