CVE-2017-7178

Published: 18/03/2017 Updated: 08/07/2020
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 685
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

CSRF exists in the web UI in Deluge prior to 1.3.14. The exploitation methodology involves (1) hosting a crafted plugin that executes an arbitrary program from its __init__.py file and (2) causing the victim to download, install, and enable this plugin.

Vulnerable Product

deluge-torrent deluge

debian debian linux 8.0

Vendor Advisories

Debian Bug report logs - #857903
deluge: CVE-2017-7178: WebUI CSRF vulnerability
Package: deluge-webui
Maintainer for deluge-webui is Cristian Greco <cristian@debian.org>
Source for deluge-webui is src:deluge
Reported by: Jonatan Nyberg <jonatan@autistici.org>
Date: Thu, 16 Mar 2017 09:27:05 U ...

Exploits

<!--
Remote code execution via CSRF vulnerability in the web UI of Deluge 1.3.13

Kyle Neideck, February 2017

Product
-------

Deluge is a BitTorrent client available from deluge-torrent.org.

Fix
---

Fixed in the (public) source code, but not in binary releases yet. See
git.deluge-torrent.org/deluge/commit/?h=develop&id=11e ...