CVE-2017-20199

A vulnerability was found in Buttercup buttercup-browser-extension up to 0.14.2. Affected by this vulnerability is an unknown functionality of the component Vault Handler. The manipulation results in improper access controls. The attack may be performed from a remote location. A high complexity level is associated with this attack. The exploitation appears to be difficult. The exploit has been made public and could be used. Upgrading to version 1.0.1 addresses this issue. The patch is identified as 89. Upgrading the affected component is recommended. This vulnerability only affects products that are no longer supported by the maintainer.

CVSS v3 3.1 LOW
CVSS v2.0 2.6 LOW

3.1^/10

CVSS v3 : LOW

V3 Legend

Vector :

Exploitability : 1.6 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

2.6^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:N/AC:H/Au:N/C:P/I:N/A:N

Exploitability : 4.9 / Impact : 2.9

Access Vector NETWORK

Access Complexity HIGH

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://github.com/buttercup/buttercup-browser-extension/issues/92	Issue Tracking
https://github.com/buttercup/buttercup-browser-extension/issues/92#issuecomment-358449755	Issue Tracking
https://github.com/buttercup/buttercup-browser-extension/issues/92#issuecomment-372991430	Issue Tracking
https://github.com/buttercup/buttercup-browser-extension/pull/89	Patch
https://github.com/buttercup/buttercup-browser-extension/releases/tag/v1.0.1	Release Notes
https://vuldb.com/?ctiid.319969	Permissions Required VDB Entry
https://vuldb.com/?id.319969	Third Party Advisory VDB Entry
https://vuldb.com/?submit.628170	Third Party Advisory VDB Entry
https://github.com/buttercup/buttercup-browser-extension/issues/92#issuecomment-372991430	Issue Tracking

Configurations

Configuration 1 (hide)

cpe:2.3:a:buttercup:buttercup:*:*:*:*:*:*:*:*

History

27 Aug 2025, 14:57

Type	Values Removed	Values Added
First Time		Buttercup Buttercup buttercup
References	~~() https://github.com/buttercup/buttercup-browser-extension/issues/92 -~~	() https://github.com/buttercup/buttercup-browser-extension/issues/92 - Issue Tracking
References	~~() https://github.com/buttercup/buttercup-browser-extension/issues/92#issuecomment-358449755 -~~	() https://github.com/buttercup/buttercup-browser-extension/issues/92#issuecomment-358449755 - Issue Tracking
References	~~() https://github.com/buttercup/buttercup-browser-extension/issues/92#issuecomment-372991430 -~~	() https://github.com/buttercup/buttercup-browser-extension/issues/92#issuecomment-372991430 - Issue Tracking
References	~~() https://github.com/buttercup/buttercup-browser-extension/pull/89 -~~	() https://github.com/buttercup/buttercup-browser-extension/pull/89 - Patch
References	~~() https://github.com/buttercup/buttercup-browser-extension/releases/tag/v1.0.1 -~~	() https://github.com/buttercup/buttercup-browser-extension/releases/tag/v1.0.1 - Release Notes
References	~~() https://vuldb.com/?ctiid.319969 -~~	() https://vuldb.com/?ctiid.319969 - Permissions Required, VDB Entry
References	~~() https://vuldb.com/?id.319969 -~~	() https://vuldb.com/?id.319969 - Third Party Advisory, VDB Entry
References	~~() https://vuldb.com/?submit.628170 -~~	() https://vuldb.com/?submit.628170 - Third Party Advisory, VDB Entry
CPE		cpe:2.3:a:buttercup:buttercup::::::::

24 Aug 2025, 06:15

Type	Values Removed	Values Added
Summary	(en) A vulnerability was found in Buttercup buttercup-browser-extension up to 0.14.2. Affected by this vulnerability is an unknown functionality. The manipulation results in improper access controls. The attack may be performed from a remote location. A high complexity level is associated with this attack. The exploitation appears to be difficult. The exploit has been made public and could be used. Upgrading to version 1.0.1 addresses this issue. The patch is identified as 89. Upgrading the affected component is recommended. This vulnerability only affects products that are no longer supported by the maintainer.	(en) A vulnerability was found in Buttercup buttercup-browser-extension up to 0.14.2. Affected by this vulnerability is an unknown functionality of the component Vault Handler. The manipulation results in improper access controls. The attack may be performed from a remote location. A high complexity level is associated with this attack. The exploitation appears to be difficult. The exploit has been made public and could be used. Upgrading to version 1.0.1 addresses this issue. The patch is identified as 89. Upgrading the affected component is recommended. This vulnerability only affects products that are no longer supported by the maintainer.

18 Aug 2025, 17:15

Type	Values Removed	Values Added
Summary	(en) A vulnerability was found in Buttercup buttercup-browser-extension up to 0.14.2. Affected by this vulnerability is an unknown functionality. The manipulation leads to improper access controls. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 1.0.1 is able to address this issue. The identifier of the patch is 89. It is recommended to upgrade the affected component. This vulnerability only affects products that are no longer supported by the maintainer.	(en) A vulnerability was found in Buttercup buttercup-browser-extension up to 0.14.2. Affected by this vulnerability is an unknown functionality. The manipulation results in improper access controls. The attack may be performed from a remote location. A high complexity level is associated with this attack. The exploitation appears to be difficult. The exploit has been made public and could be used. Upgrading to version 1.0.1 addresses this issue. The patch is identified as 89. Upgrading the affected component is recommended. This vulnerability only affects products that are no longer supported by the maintainer.

18 Aug 2025, 15:15

Type	Values Removed	Values Added
References	~~() https://github.com/buttercup/buttercup-browser-extension/issues/92#issuecomment-372991430 -~~	() https://github.com/buttercup/buttercup-browser-extension/issues/92#issuecomment-372991430 -
Summary		(es) Se encontró una vulnerabilidad en Buttercup buttercup-browser-extension hasta la versión 0.14.2. Esta vulnerabilidad afecta a una funcionalidad desconocida. La manipulación conlleva controles de acceso inadecuados. El ataque puede ejecutarse en remoto. Es un ataque de complejidad bastante alta. Parece difícil de explotar. Se ha hecho público el exploit y puede que sea utilizado. Actualizar a la versión 1.0.1 puede solucionar este problema. El identificador del parche es 89. Se recomienda actualizar el componente afectado. Esta vulnerabilidad solo afecta a los productos que ya no reciben soporte del fabricante.

16 Aug 2025, 00:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-08-16 00:15

Updated : 2025-08-27 14:57

NVD link : CVE-2017-20199

Mitre link : CVE-2017-20199

CVE.ORG link : CVE-2017-20199

JSON object : View

Products Affected

buttercup

buttercup

CWE

CWE-266

Incorrect Privilege Assignment

CWE-284

Improper Access Control

3.1 /10

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

2.6 /10

Access Vector NETWORK

Access Complexity HIGH

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

JSON object

Attach tags to CVE-2017-20199

3.1^/10

2.6^/10

Attach tags to `CVE-2017-20199`