QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2017-20199

Back to search

CVE-2017-20199

Published: Aug 15, 2025

Modified: Aug 27, 2025

PUBLISHED

CVSS v3.1

3.1

LOW

Description

A vulnerability was found in Buttercup buttercup-browser-extension up to 0.14.2. Affected by this vulnerability is an unknown functionality of the component Vault Handler. The manipulation results in improper access controls. The attack may be performed from a remote location. A high complexity level is associated with this attack. The exploitation appears to be difficult. The exploit has been made public and could be used. Upgrading to version 1.0.1 addresses this issue. The patch is identified as 89. Upgrading the affected component is recommended. This vulnerability only affects products that are no longer supported by the maintainer.

VendorProductVersions

Buttercup

buttercup-browser-extension

affected
0.14.0
affected
0.14.1
affected
0.14.2
unaffected
1.0.1

Weaknesses (CWE)

CWE-284
CWE-266

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

None

References

VDB-319969 | CTI Indicators (IOB, IOC, TTP)
signature
permissions-required

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now