CVE-2014-0173

{"id": "CVE-2014-0173", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2014-04-22T13:06:27.023", "references": [{"url": "http://jetpack.me/2014/04/10/jetpack-security-update/", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/57729", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.securityfocus.com/bid/66789", "source": "secalert@redhat.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92560", "source": "secalert@redhat.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "The Jetpack plugin before 1.9 before 1.9.4, 2.0.x before 2.0.9, 2.1.x before 2.1.4, 2.2.x before 2.2.7, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.2, 2.6.x before 2.6.3, 2.7.x before 2.7.2, 2.8.x before 2.8.2, and 2.9.x before 2.9.3 for WordPress does not properly restrict access to the XML-RPC service, which allows remote attackers to bypass intended restrictions and publish posts via unspecified vectors. NOTE: some of these details are obtained from third party information."}, {"lang": "es", "value": "El plugin Jetpack anterior a 1.9 anterior a 1.9.4, 2.0.x anterior a 2.0.9, 2.1.x anterior a 2.1.4, 2.2.x anterior a 2.2.7, 2.3.x anterior a 2.3.7, 2.4.x anterior a 2.4.4, 2.5.x anterior a 2.5.2, 2.6.x anterior a 2.6.3, 2.7.x anterior a 2.7.2, 2.8.x anterior a 2.8.2 y 2.9.x anterior a 2.9.3 para WordPress no restringe debidamente acceso al servicio XML-RPC, lo que permite a atacantes remotos evadir restricciones y publicar mensajes a trav\u00e9s de vectores no especificados. NOTA: algunos de estos detalles se obtienen de informaci\u00f3n de terceras partes."}], "lastModified": "2017-08-29T01:34:08.153", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:automattic:jetpack:1.9:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "5465AA1E-D2F0-4152-A6E3-9FA232CCF47B"}, {"criteria": "cpe:2.3:a:automattic:jetpack:1.9.1:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "04AE244E-6F46-4A38-9A54-6E1DB84DE901"}, {"criteria": "cpe:2.3:a:automattic:jetpack:1.9.2:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "3A11DA6F-046B-4E55-84A3-FA3BC58A9E88"}, {"criteria": "cpe:2.3:a:automattic:jetpack:2.0:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "96268538-B603-4164-BD80-D652A83A0DDC"}, {"criteria": "cpe:2.3:a:automattic:jetpack:2.0.1:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "A9B6F00B-4B90-4933-8A06-7198A190FBE4"}, {"criteria": "cpe:2.3:a:automattic:jetpack:2.0.2:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "98DF6337-F098-4E62-B836-866C964E073E"}, {"criteria": "cpe:2.3:a:automattic:jetpack:2.0.3:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "D307AB75-60CE-44BE-A6AD-DE8C53B81E64"}, {"criteria": "cpe:2.3:a:automattic:jetpack:2.0.4:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "A5D4675F-AB54-4227-83BF-EE29EDFD7B0C"}, {"criteria": "cpe:2.3:a:automattic:jetpack:2.1:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "BE126651-479E-4669-A4A8-445C45F0B39E"}, {"criteria": "cpe:2.3:a:automattic:jetpack:2.1.1:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "CBACDFB5-1B3C-4BAC-B729-FF3249242F96"}, {"criteria": "cpe:2.3:a:automattic:jetpack:2.1.2:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "D5BE7990-72DB-47D7-8795-3D2E55A89F68"}, {"criteria": "cpe:2.3:a:automattic:jetpack:2.2:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "50CE0762-101F-4C4A-A095-93B123430B91"}, {"criteria": "cpe:2.3:a:automattic:jetpack:2.2.1:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "50C87C2D-1E4E-42D4-8241-026FABE6A553"}, {"criteria": "cpe:2.3:a:automattic:jetpack:2.2.2:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "424DE391-BBAB-4F6F-A6B8-D4411C333C12"}, {"criteria": "cpe:2.3:a:automattic:jetpack:2.2.3:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "533E86A1-A1A0-45A4-9B57-F74E39F2D9B5"}, {"criteria": "cpe:2.3:a:automattic:jetpack:2.2.4:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "B5F2C07B-7D37-4785-8FB9-BCE44D67C1E5"}, {"criteria": "cpe:2.3:a:automattic:jetpack:2.2.5:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "6A70B3E3-E222-4980-BB89-3D031C9152DE"}, {"criteria": "cpe:2.3:a:automattic:jetpack:2.3:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "61DAD647-51F5-41A9-9E7A-4E29AF14CE0D"}, {"criteria": "cpe:2.3:a:automattic:jetpack:2.3.1:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "9942C264-5C4B-4046-B3C7-F3CA95BFA2B7"}, {"criteria": "cpe:2.3:a:automattic:jetpack:2.3.2:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "43FA2519-9D13-4EC3-B43C-E8E334192B7F"}, {"criteria": "cpe:2.3:a:automattic:jetpack:2.3.3:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "4F24E0A1-F7FC-4679-AD0F-BCAD09F039D3"}, {"criteria": "cpe:2.3:a:automattic:jetpack:2.3.4:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "63D784CB-AF36-480C-BD39-575EFA2174ED"}, {"criteria": "cpe:2.3:a:automattic:jetpack:2.3.5:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "E10444B2-17DC-476C-9D25-4E4E4F857BD3"}, {"criteria": "cpe:2.3:a:automattic:jetpack:2.4:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "CE26F4B0-4125-45A4-9942-3F4B4A4FD5EE"}, {"criteria": "cpe:2.3:a:automattic:jetpack:2.4.1:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "741CF1D7-5CF3-4A80-9E67-3994AB8F0819"}, {"criteria": "cpe:2.3:a:automattic:jetpack:2.4.2:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "E0EBB7A8-7CA1-4B21-8CB7-1BCAACDE0023"}, {"criteria": "cpe:2.3:a:automattic:jetpack:2.5:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "2A8B3F25-4ED3-4AFA-8DD5-452D0DB04AD4"}, {"criteria": "cpe:2.3:a:automattic:jetpack:2.6:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "FD46AF5F-ED2B-4398-89EB-72C3BBDDB738"}, {"criteria": "cpe:2.3:a:automattic:jetpack:2.6.1:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "3F19C429-7B02-4A3B-AEDD-F96C9A09C626"}, {"criteria": "cpe:2.3:a:automattic:jetpack:2.7:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "30163557-FBC3-4DFD-BDBC-1DCE2DE651DA"}, {"criteria": "cpe:2.3:a:automattic:jetpack:2.8:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "80D0896F-2EF5-44BA-A346-F55240DE4024"}, {"criteria": "cpe:2.3:a:automattic:jetpack:2.9:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "12E69FA4-004C-4F02-9151-4652D2A317CA"}, {"criteria": "cpe:2.3:a:automattic:jetpack:2.9.1:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "234DDD15-11B2-4CEF-8CF2-A4A9B35C4069"}, {"criteria": "cpe:2.3:a:automattic:jetpack:2.9.2:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "09018C46-240E-4496-8F9B-AC2D7FF912DD"}, {"criteria": "cpe:2.3:a:automattic:jetpack:2.9.3:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "D4981064-C981-4E52-9819-A00779873A74"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}