CVE-2017-20199

A vulnerability was found in Buttercup buttercup-browser-extension up to 0.14.2. Affected by this vulnerability is an unknown functionality of the component Vault Handler. The manipulation results in improper access controls. The attack may be performed from a remote location. A high complexity level is associated with this attack. The exploitation appears to be difficult. The exploit has been made public and could be used. Upgrading to version 1.0.1 addresses this issue. The patch is identified as 89. Upgrading the affected component is recommended. This vulnerability only affects products that are no longer supported by the maintainer.

CVSS v3 3.1 LOW
CVSS v2.0 2.6 LOW

3.1^/10

CVSS v3 : LOW

Vector :

Exploitability : 1.6 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

2.6^/10

CVSS v2.0 : LOW

Vector : AV:N/AC:H/Au:N/C:P/I:N/A:N

Exploitability : 4.9 / Impact : 2.9

Access Vector NETWORK

Access Complexity HIGH

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://github.com/buttercup/buttercup-browser-extension/issues/92	Issue Tracking
https://github.com/buttercup/buttercup-browser-extension/issues/92#issuecomment-358449755	Issue Tracking
https://github.com/buttercup/buttercup-browser-extension/issues/92#issuecomment-372991430	Issue Tracking
https://github.com/buttercup/buttercup-browser-extension/pull/89	Patch
https://github.com/buttercup/buttercup-browser-extension/releases/tag/v1.0.1	Release Notes
https://vuldb.com/?ctiid.319969	Permissions Required VDB Entry
https://vuldb.com/?id.319969	Third Party Advisory VDB Entry
https://vuldb.com/?submit.628170	Third Party Advisory VDB Entry
https://github.com/buttercup/buttercup-browser-extension/issues/92#issuecomment-372991430	Issue Tracking

Configurations

Configuration 1 (hide)

cpe:2.3:a:buttercup:buttercup:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2025-08-16 00:15

Updated : 2025-08-27 14:57

NVD link : CVE-2017-20199

Mitre link : CVE-2017-20199

CVE.ORG link : CVE-2017-20199

JSON object : View

Products Affected

buttercup

buttercup

CWE

CWE-266

Incorrect Privilege Assignment

CWE-284

Improper Access Control

{"id": "CVE-2017-20199", "cveTags": [{"tags": ["unsupported-when-assigned"], "sourceIdentifier": "cna@vuldb.com"}], "metrics": {"cvssMetricV2": [{"type": "Secondary", "source": "cna@vuldb.com", "cvssData": {"version": "2.0", "baseScore": 2.6, "accessVector": "NETWORK", "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "HIGH", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 4.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Secondary", "source": "cna@vuldb.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.1, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 1.6}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}], "cvssMetricV40": [{"type": "Secondary", "source": "cna@vuldb.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 2.3, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "LOW", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "PROOF_OF_CONCEPT", "providerUrgency": "NOT_DEFINED", "userInteraction": "PASSIVE", "attackComplexity": "HIGH", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-08-16T00:15:25.553", "references": [{"url": "https://github.com/buttercup/buttercup-browser-extension/issues/92", "tags": ["Issue Tracking"], "source": "cna@vuldb.com"}, {"url": "https://github.com/buttercup/buttercup-browser-extension/issues/92#issuecomment-358449755", "tags": ["Issue Tracking"], "source": "cna@vuldb.com"}, {"url": "https://github.com/buttercup/buttercup-browser-extension/issues/92#issuecomment-372991430", "tags": ["Issue Tracking"], "source": "cna@vuldb.com"}, {"url": "https://github.com/buttercup/buttercup-browser-extension/pull/89", "tags": ["Patch"], "source": "cna@vuldb.com"}, {"url": "https://github.com/buttercup/buttercup-browser-extension/releases/tag/v1.0.1", "tags": ["Release Notes"], "source": "cna@vuldb.com"}, {"url": "https://vuldb.com/?ctiid.319969", "tags": ["Permissions Required", "VDB Entry"], "source": "cna@vuldb.com"}, {"url": "https://vuldb.com/?id.319969", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cna@vuldb.com"}, {"url": "https://vuldb.com/?submit.628170", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cna@vuldb.com"}, {"url": "https://github.com/buttercup/buttercup-browser-extension/issues/92#issuecomment-372991430", "tags": ["Issue Tracking"], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "cna@vuldb.com", "description": [{"lang": "en", "value": "CWE-266"}, {"lang": "en", "value": "CWE-284"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in Buttercup buttercup-browser-extension up to 0.14.2. Affected by this vulnerability is an unknown functionality of the component Vault Handler. The manipulation results in improper access controls. The attack may be performed from a remote location. A high complexity level is associated with this attack. The exploitation appears to be difficult. The exploit has been made public and could be used. Upgrading to version 1.0.1 addresses this issue. The patch is identified as 89. Upgrading the affected component is recommended. This vulnerability only affects products that are no longer supported by the maintainer."}, {"lang": "es", "value": "Se encontr\u00f3 una vulnerabilidad en Buttercup buttercup-browser-extension hasta la versi\u00f3n 0.14.2. Esta vulnerabilidad afecta a una funcionalidad desconocida. La manipulaci\u00f3n conlleva controles de acceso inadecuados. El ataque puede ejecutarse en remoto. Es un ataque de complejidad bastante alta. Parece dif\u00edcil de explotar. Se ha hecho p\u00fablico el exploit y puede que sea utilizado. Actualizar a la versi\u00f3n 1.0.1 puede solucionar este problema. El identificador del parche es 89. Se recomienda actualizar el componente afectado. Esta vulnerabilidad solo afecta a los productos que ya no reciben soporte del fabricante."}], "lastModified": "2025-08-27T14:57:18.367", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:buttercup:buttercup:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7FFA9CE7-D3B7-40E8-85F7-7BF7101B179A", "versionEndExcluding": "1.0.1"}], "operator": "OR"}]}], "sourceIdentifier": "cna@vuldb.com"}