CVE-2017-5982
published 2017-02-28CVE-2017-5982: Directory traversal vulnerability in the Chorus2 2.4.2 add-on for Kodi allows remote attackers to read arbitrary files via a %2E%2E%252e (encoded dot dot…
PriorityP272high7.5CVSS 3.0
AVNACLPRNUINSUCHINAN
EXPLOIT
EPSS
77.63%
99.5th percentile
Directory traversal vulnerability in the Chorus2 2.4.2 add-on for Kodi allows remote attackers to read arbitrary files via a %2E%2E%252e (encoded dot dot slash) in the image path, as demonstrated by image/image%3A%2F%2F%2e%2e%252fetc%252fpasswd.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | kodi | < kodi 2:18.6+dfsg1-1 (bookworm) | kodi 2:18.6+dfsg1-1 (bookworm) |
| kodi | kodi | — | — |
| kodi | kodi | >= 0 < 2:18.6+dfsg1-1 | 2:18.6+dfsg1-1 |
| kodi | kodi | >= 0 < 2:18.6+dfsg1-1 | 2:18.6+dfsg1-1 |
| kodi | kodi | >= 0 < 2:18.6+dfsg1-1 | 2:18.6+dfsg1-1 |
Detection & IOCsextracted from sources · hover to see the quote
bytes↗
%2E%2E%252e
- →Look for HTTP GET requests to the /image/ endpoint containing double-encoded dot-dot sequences (%252e or %252f) in the path, indicative of directory traversal attempts against Kodi's Chorus2 web interface. ↗
- →A successful exploitation response will return HTTP 200 with /etc/passwd content; match on 'root:[x*]:0:0' in the response body to confirm file read. ↗
- →The vulnerability resides specifically in the Chorus2 2.4.2 add-on for Kodi (versions before 17.1); target detection at Kodi's default web interface port. ↗
- →A Metasploit auxiliary scanner module exists for this vulnerability: modules/auxiliary/scanner/http/kodi_traversal.rb — presence of this module in use can be detected via its characteristic HTTP request patterns. ↗
- ·The vulnerability is exploitable without authentication (PR:N, UI:N), meaning no credentials are required to trigger the directory traversal. ↗
- ·Exploitation requires double URL-encoding of the traversal sequence; single-encoded traversal attempts (%2e%2e%2f) may not trigger the vulnerability and could produce false negatives in detection. ↗
- ·Debian-based systems running Kodi >= 2:18.6+dfsg1-1 are patched; detection rules should account for patched deployments to reduce false positives. ↗
CVSS provenance
nvdv3.07.5HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:P/I:N/A:N
osv7.5HIGH
vendor_debian7.5HIGH
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-4x55-4hhv-gr9v: Directory traversal vulnerability in the Chorus2 2
ghsa_unreviewed·2022-05-17
CVE-2017-5982 [HIGH] CWE-22 GHSA-4x55-4hhv-gr9v: Directory traversal vulnerability in the Chorus2 2
Directory traversal vulnerability in the Chorus2 2.4.2 add-on for Kodi allows remote attackers to read arbitrary files via a %2E%2E%252e (encoded dot dot slash) in the image path, as demonstrated by image/image%3A%2F%2F%2e%2e%252fetc%252fpasswd.
OSV
CVE-2017-5982: Directory traversal vulnerability in the Chorus2 2
osv·2017-02-28·CVSS 7.5
CVE-2017-5982 [HIGH] CVE-2017-5982: Directory traversal vulnerability in the Chorus2 2
Directory traversal vulnerability in the Chorus2 2.4.2 add-on for Kodi allows remote attackers to read arbitrary files via a %2E%2E%252e (encoded dot dot slash) in the image path, as demonstrated by image/image%3A%2F%2F%2e%2e%252fetc%252fpasswd.
Debian
CVE-2017-5982: kodi - Directory traversal vulnerability in the Chorus2 2.4.2 add-on for Kodi allows re...
vendor_debian·2017·CVSS 7.5
CVE-2017-5982 [HIGH] CVE-2017-5982: kodi - Directory traversal vulnerability in the Chorus2 2.4.2 add-on for Kodi allows re...
Directory traversal vulnerability in the Chorus2 2.4.2 add-on for Kodi allows remote attackers to read arbitrary files via a %2E%2E%252e (encoded dot dot slash) in the image path, as demonstrated by image/image%3A%2F%2F%2e%2e%252fetc%252fpasswd.
Scope: local
bookworm: resolved (fixed in 2:18.6+dfsg1-1)
bullseye: resolved (fixed in 2:18.6+dfsg1-1)
sid: resolved (fixed in 2:18.6+dfsg1-1)
trixie: resolved (fixed in 2:18.6+dfsg1-1)
No detection rules found.
Nuclei
Kodi 17.1 - Local File Inclusion
nuclei·CVSS 7.5
CVE-2017-5982 [HIGH] Kodi 17.1 - Local File Inclusion
Kodi 17.1 - Local File Inclusion
Kodi 17.1 is vulnerable to local file inclusion vulnerabilities because of insufficient validation of user input.
Template:
id: CVE-2017-5982
info:
name: Kodi 17.1 - Local File Inclusion
author: 0x_Akoko
severity: high
description: |
Kodi 17.1 is vulnerable to local file inclusion vulnerabilities because of insufficient validation of user input.
impact: |
Unauthenticated attackers can read arbitrary files on the system, potentially exposing sensitive information, credentials, and configuration files.
remediation: |
Upgrade Kodi to a version that is not affected by the CVE-2017-5982 vulnerability.
reference:
- https://cxsecurity.com/issue/WLB-2017020164
- https://www.exploit-db.com/exploits/41312/
- https://nvd.nist.gov/vuln/detail/CVE-2017-5982
- https:
Metasploit
Kodi 17.0 Local File Inclusion Vulnerability
metasploit
Kodi 17.0 Local File Inclusion Vulnerability
Kodi 17.0 Local File Inclusion Vulnerability
This module exploits a directory traversal flaw found in Kodi before 17.1.
No writeups or analysis indexed.
http://packetstormsecurity.com/files/141043/Kodi-17.1-Arbitrary-File-Disclosure.htmlhttp://seclists.org/fulldisclosure/2017/Feb/27http://www.securityfocus.com/bid/96481https://lists.debian.org/debian-lts-announce/2024/01/msg00009.htmlhttps://www.exploit-db.com/exploits/41312/http://packetstormsecurity.com/files/141043/Kodi-17.1-Arbitrary-File-Disclosure.htmlhttp://seclists.org/fulldisclosure/2017/Feb/27http://www.securityfocus.com/bid/96481https://lists.debian.org/debian-lts-announce/2024/01/msg00009.htmlhttps://www.exploit-db.com/exploits/41312/
2017-02-28
Published