CVE-2017-7178
PUBLISHED
CSRF was discovered in the web UI in Deluge before 1.3.14. The exploitation methodology involves (1) hosting a crafted plugin that executes an arbitrary program from its __init__.py file and (2) causing the victim to download, install, and enable this plugin.
Risk Scores
- EPSS Score: 1.23% (79.5th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:16.04:LTS | deluge | 0, 1.3.12-1ubuntu1 |
Exploit Intelligence
- http://seclists.org/fulldisclosure/2017/Mar/6 (nist-nvd)
- CIRCL seen: CVE-2017-7178 (circl-sighting)
- http://git.deluge-torrent.org/deluge/commit/?h=develop&id=11e8957deaf0c76fdfbac62d99c8b6c61cfdddf9 (circl)
- http://dev.deluge-torrent.org/wiki/ReleaseNotes/1.3.14 (circl)
- 97041 (circl)
- https://bugs.debian.org/857903 (circl)
- DSA-3856 (circl)
- GLSA-201703-06 (circl)
- http://git.deluge-torrent.org/deluge/commit/?h=1.3-stable&id=318ab179865e0707d7945edc3a13a464a108d583 (circl)
Timeline
- Mar 18, 2017 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- May 2, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 5, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
- Jan 8, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2017-7178 third-party-advisory
- http://git.deluge-torrent.org/deluge/commit/?h=1.3-stable&id=318ab179865e0707d7945edc3a13a464a108d583 third-party-advisory
- http://dev.deluge-torrent.org/wiki/ReleaseNotes/1.3.14 third-party-advisory
- http://git.deluge-torrent.org/deluge/commit/?h=develop&id=11e8957deaf0c76fdfbac62d99c8b6c61cfdddf9 third-party-advisory
- http://seclists.org/fulldisclosure/2017/Mar/6 third-party-advisory
- https://bugs.debian.org/857903 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2017-7178 third-party-advisory