CVE-2017-18285

Source
https://nvd.nist.gov/vuln/detail/CVE-2017-18285
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-18285.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2017-18285
Published
2018-06-04T06:29:00Z
Modified
2024-09-03T01:47:37.388686Z
Severity
  • 7.1 (High) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Summary
[none]
Details

The Gentoo app-backup/burp package before 2.1.32 has incorrect group ownership of the /etc/burp directory, which might allow local users to obtain read and write access to arbitrary files by leveraging access to a certain account for a burp-server.conf change.

References

Affected packages

Git / github.com/grke/burp

Affected ranges

Type
GIT
Repo
https://github.com/grke/burp
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

1.*

1.1.40
1.1.51
1.1.55
1.1.57
1.1.65
1.1.70
1.2.0
1.2.2
1.2.3
1.2.4
1.2.5
1.2.6
1.2.7
1.2.8
1.3.0
1.3.1
1.3.10
1.3.12
1.3.14
1.3.16
1.3.18
1.3.2
1.3.20
1.3.22
1.3.24
1.3.26
1.3.28
1.3.30
1.3.32
1.3.34
1.3.36
1.3.4
1.3.6
1.3.8
1.4.0

2.*

2.0.20
2.0.22
2.0.24
2.0.26
2.0.28
2.0.30
2.0.32
2.0.34
2.0.36
2.0.38
2.0.40
2.0.42
2.0.44
2.0.48
2.0.50
2.0.52
2.1.0
2.1.10
2.1.12
2.1.14
2.1.18
2.1.2
2.1.20
2.1.22
2.1.24
2.1.26
2.1.28
2.1.30
2.1.4
2.1.6
2.1.8