CVE-2017-18285 — Incorrect Permission Assignment in Project Burp

CWE-732 — Incorrect Permission Assignment3 documents3 sources

Severity

7.1HIGHNVD

EPSS

0.0%

top 87.94%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Burp Project Burp Debian Burp

Timeline

PublishedJun 4

Latest updateMay 13

Description

The Gentoo app-backup/burp package before 2.1.32 has incorrect group ownership of the /etc/burp directory, which might allow local users to obtain read and write access to arbitrary files by leveraging access to a certain account for a burp-server.conf change.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:NExploitability: 1.8 | Impact: 5.2

Affected Packages2 packages

▶NVDburp_project/burp< 2.1.32

▶debiandebian/burp

🔴Vulnerability Details

GHSA

GHSA-x64c-p5r4-mg49: The Gentoo app-backup/burp package before 2↗2022-05-13

▶

📋Vendor Advisories

Debian

CVE-2017-18285: burp - The Gentoo app-backup/burp package before 2.1.32 has incorrect group ownership o...↗2017

▶