CVE-2018-5702

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2018-5702

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-5702.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2018-5702

Related

Published

2018-01-15T16:29:00Z

Modified

2025-01-14T07:34:37.001594Z

Downstream

openSUSE-SU-2024:11474-1

Severity

8.8 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Transmission through 2.92 relies on X-Transmission-Session-Id (which is not a forbidden header for Fetch) for access control, which allows remote attackers to execute arbitrary RPC commands, and consequently write to arbitrary files, via POST requests to /transmission/rpc in conjunction with a DNS rebinding attack.

References

Affected packages

Debian:11 / transmission

Package

Name: transmission
Purl: pkg:deb/debian/transmission?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.92-3

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / transmission

Package

Name: transmission
Purl: pkg:deb/debian/transmission?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.92-3

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / transmission

Package

Name: transmission
Purl: pkg:deb/debian/transmission?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.92-3

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/transmission/transmission

Affected ranges

Type: GIT
Repo: https://github.com/transmission/transmission
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

67ef7b888c37fdb85a6d0733c1cc2f0f7c585f66

Affected versions

0.*

0.5

0.6

0.7

0.80

1.*

1.06

1.10

1.11

1.20

1.21

1.22

1.31

1.32

1.40

1.60

1.61

1.70

1.71

1.72

1.73

1.74

1.80

1.80b5

1.81

1.82

1.83

1.90

1.91

2.*

2.00

2.10

2.11

2.12

2.13

2.20

2.20b1

2.20b2

2.20b3

2.20b4

2.21

2.30

2.30b1

2.30b2

2.30b3

2.30b4

2.31

2.32

2.33

2.40

2.40b1

2.40b2

2.40b3

2.50

2.50b1

2.51

2.52

2.60

2.61

2.70

2.71

2.72

2.73

2.74

2.80

2.81

2.82

2.83

2.90

2.91

2.92