CVE-2017-20052 : A vulnerability classified as problematic was found in Python 2.7.13. This vulne

A vulnerability classified as problematic was found in Python 2.7.13. This vulnerability affects unknown code of the component pgAdmin4. The manipulation leads to uncontrolled search path. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Published 2022-06-16 07:15:07

Updated 2022-11-05 02:27:51

Source VulDB

View at NVD, CVE.org

Products affected by CVE-2017-20052

Python » Python » Version: 2.7.13
cpe:2.3:a:python:python:2.7.13:*:*:*:*:*:*:*
Matching versions

Threat overview for CVE-2017-20052

Top countries where our scanners detected CVE-2017-20052

Top open port discovered on systems with this issue 443

IPs affected by CVE-2017-20052 6,264

Threat actors abusing to this issue? Yes

Find out if you^* are affected by CVE-2017-20052!

^*Directly or indirectly through your vendors, service providers and 3rd parties. Powered by attack surface intelligence from SecurityScorecard.

Exploit prediction scoring system (EPSS) score for CVE-2017-20052

EPSS FAQ

0.09%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 23 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2017-20052

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.4	MEDIUM	AV:L/AC:M/Au:N/C:P/I:P/A:P	3.4	6.4	NIST
Access Vector: Local Access Complexity: Medium Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial
5.0	MEDIUM	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L	1.6	3.4	VulDB
Attack Vector: Network Attack Complexity: High Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: Low Integrity: Low Availability: Low
7.8	HIGH	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	1.8	5.9	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2017-20052

CWE-427 Uncontrolled Search Path Element

The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.
Assigned by:
- cna@vuldb.com (Primary)
- nvd@nist.gov (Secondary)

References for CVE-2017-20052

https://security.netapp.com/advisory/ntap-20220804-0005/

CVE-2017-20052 Python Vulnerability in NetApp Products | NetApp Product Security
Third Party Advisory
https://vuldb.com/?id.97822

CVE-2017-20052 | Python pgAdmin4 uncontrolled search path
Third Party Advisory
http://seclists.org/fulldisclosure/2017/Feb/92

Full Disclosure: Python + PostgreSQL pgAdmin4 – Insecure Library Loading Allows Code Execution
Exploit;Mailing List;Third Party Advisory