Vulnerability-Lookup

CVE-2017-2166 (GCVE-0-2017-2166)

Vulnerability from cvelistv5 – Published: 2018-01-26 16:00 – Updated: 2024-08-05 13:48

Summary

Open redirect vulnerability in GroupSession version 4.7.0 and earlier allows an attacker to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

Severity

No CVSS data available.

CWE

Open Redirect

Assigner

jpcert

References

1 reference

URL	Tags
https://jvn.jp/en/jp/JVN26200083/index.html	third-party-advisoryx_refsource_JVN

Impacted products

1 product

Vendor	Product	Version
Japan Total System Co.,Ltd.	GroupSession	Affected: version 4.7.0 and earlier

Date Public

2018-01-26 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T13:48:05.066Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "JVN#26200083",
            "tags": [
              "third-party-advisory",
              "x_refsource_JVN",
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/jp/JVN26200083/index.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "GroupSession",
          "vendor": "Japan Total System Co.,Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "version 4.7.0 and earlier"
            }
          ]
        }
      ],
      "datePublic": "2018-01-26T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Open redirect vulnerability in GroupSession version 4.7.0 and earlier allows an attacker to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Open Redirect",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-26T15:57:01.000Z",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "name": "JVN#26200083",
          "tags": [
            "third-party-advisory",
            "x_refsource_JVN"
          ],
          "url": "https://jvn.jp/en/jp/JVN26200083/index.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2017-2166",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "GroupSession",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "version 4.7.0 and earlier"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Japan Total System Co.,Ltd."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Open redirect vulnerability in GroupSession version 4.7.0 and earlier allows an attacker to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Open Redirect"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "JVN#26200083",
              "refsource": "JVN",
              "url": "https://jvn.jp/en/jp/JVN26200083/index.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2017-2166",
    "datePublished": "2018-01-26T16:00:00.000Z",
    "dateReserved": "2016-12-01T00:00:00.000Z",
    "dateUpdated": "2024-08-05T13:48:05.066Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2017-2166",
      "date": "2026-05-28",
      "epss": "0.00175",
      "percentile": "0.38709"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:groupsession:groupsession:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"4.7.0\", \"matchCriteriaId\": \"A6DE3005-24BF-4A5C-8E57-7DD46D2C04DE\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Open redirect vulnerability in GroupSession version 4.7.0 and earlier allows an attacker to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.\"}, {\"lang\": \"es\", \"value\": \"Una vulnerabilidad de redirecci\\u00f3n abierta en GroupSession en versiones 4.7.0 y anteriores permite que un atacante remoto redireccione a los usuarios a sitios web arbitrarios y lleven a cabo ataques de phishing mediante vectores sin especificar.\"}]",
      "id": "CVE-2017-2166",
      "lastModified": "2024-11-21T03:23:01.143",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\", \"baseScore\": 6.1, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 2.7}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:P/A:N\", \"baseScore\": 5.8, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 4.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2018-01-26T16:29:00.210",
      "references": "[{\"url\": \"https://jvn.jp/en/jp/JVN26200083/index.html\", \"source\": \"vultures@jpcert.or.jp\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://jvn.jp/en/jp/JVN26200083/index.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}]",
      "sourceIdentifier": "vultures@jpcert.or.jp",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-601\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2017-2166\",\"sourceIdentifier\":\"vultures@jpcert.or.jp\",\"published\":\"2018-01-26T16:29:00.210\",\"lastModified\":\"2024-11-21T03:23:01.143\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Open redirect vulnerability in GroupSession version 4.7.0 and earlier allows an attacker to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad de redirecci\u00f3n abierta en GroupSession en versiones 4.7.0 y anteriores permite que un atacante remoto redireccione a los usuarios a sitios web arbitrarios y lleven a cabo ataques de phishing mediante vectores sin especificar.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":6.1,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":2.7}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:N\",\"baseScore\":5.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":4.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-601\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:groupsession:groupsession:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"4.7.0\",\"matchCriteriaId\":\"A6DE3005-24BF-4A5C-8E57-7DD46D2C04DE\"}]}]}],\"references\":[{\"url\":\"https://jvn.jp/en/jp/JVN26200083/index.html\",\"source\":\"vultures@jpcert.or.jp\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://jvn.jp/en/jp/JVN26200083/index.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]}]}}"
  }
}

CNVD-2018-04328

Vulnerability from cnvd - Published: 2018-03-06

Title

Japan Total System GroupSession开放重定向漏洞

Description

Japan Total System GroupSession是日本Japan Total System（JTS）公司的一个群件项目，以方便企业和组织的沟通，旨在促进信息共享。 Japan Total System GroupSession 4.7.0及之前版本中存在开放重定向漏洞。攻击者可利用该漏洞将用户重定向到任意网站，实施钓鱼攻击。

Severity

中

Patch Name

Japan Total System GroupSession开放重定向漏洞的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，详情请关注厂商主页： https://groupsession.jp/

Reference

http://jvn.jp/en/jp/JVN26200083/

Impacted products

Name
Japan Total System Co.,Ltd. GroupSession <=4.7.0

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-2166"
    }
  },
  "description": "Japan Total System GroupSession\u662f\u65e5\u672cJapan Total System\uff08JTS\uff09\u516c\u53f8\u7684\u4e00\u4e2a\u7fa4\u4ef6\u9879\u76ee\uff0c\u4ee5\u65b9\u4fbf\u4f01\u4e1a\u548c\u7ec4\u7ec7\u7684\u6c9f\u901a\uff0c\u65e8\u5728\u4fc3\u8fdb\u4fe1\u606f\u5171\u4eab\u3002\r\n\r\nJapan Total System GroupSession 4.7.0\u53ca\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u5f00\u653e\u91cd\u5b9a\u5411\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5c06\u7528\u6237\u91cd\u5b9a\u5411\u5230\u4efb\u610f\u7f51\u7ad9\uff0c\u5b9e\u65bd\u9493\u9c7c\u653b\u51fb\u3002",
  "discovererName": "Norihiko Hirukawa",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8be6\u60c5\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\uff1a\r\nhttps://groupsession.jp/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-04328",
  "openTime": "2018-03-06",
  "patchDescription": "Japan Total System GroupSession\u662f\u65e5\u672cJapan Total System\uff08JTS\uff09\u516c\u53f8\u7684\u4e00\u4e2a\u7fa4\u4ef6\u9879\u76ee\uff0c\u4ee5\u65b9\u4fbf\u4f01\u4e1a\u548c\u7ec4\u7ec7\u7684\u6c9f\u901a\uff0c\u65e8\u5728\u4fc3\u8fdb\u4fe1\u606f\u5171\u4eab\u3002\r\n\r\nJapan Total System GroupSession 4.7.0\u53ca\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u5f00\u653e\u91cd\u5b9a\u5411\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5c06\u7528\u6237\u91cd\u5b9a\u5411\u5230\u4efb\u610f\u7f51\u7ad9\uff0c\u5b9e\u65bd\u9493\u9c7c\u653b\u51fb\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Japan Total System GroupSession\u5f00\u653e\u91cd\u5b9a\u5411\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Japan Total System Co.,Ltd. GroupSession \u003c=4.7.0"
  },
  "referenceLink": "http://jvn.jp/en/jp/JVN26200083/",
  "serverity": "\u4e2d",
  "submitTime": "2018-01-22",
  "title": "Japan Total System GroupSession\u5f00\u653e\u91cd\u5b9a\u5411\u6f0f\u6d1e"
}

FKIE_CVE-2017-2166

Vulnerability from fkie_nvd - Published: 2018-01-26 16:29 - Updated: 2024-11-21 03:23

Severity

6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

Open redirect vulnerability in GroupSession version 4.7.0 and earlier allows an attacker to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

References

	URL	Tags
	vultures@jpcert.or.jp	https://jvn.jp/en/jp/JVN26200083/index.html	Third Party Advisory, VDB Entry
	af854a3a-2127-422b-91ae-364da2661108	https://jvn.jp/en/jp/JVN26200083/index.html	Third Party Advisory, VDB Entry

Impacted products

	Vendor	Product	Version
	groupsession	groupsession	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:groupsession:groupsession:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6DE3005-24BF-4A5C-8E57-7DD46D2C04DE",
              "versionEndIncluding": "4.7.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Open redirect vulnerability in GroupSession version 4.7.0 and earlier allows an attacker to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de redirecci\u00f3n abierta en GroupSession en versiones 4.7.0 y anteriores permite que un atacante remoto redireccione a los usuarios a sitios web arbitrarios y lleven a cabo ataques de phishing mediante vectores sin especificar."
    }
  ],
  "id": "CVE-2017-2166",
  "lastModified": "2024-11-21T03:23:01.143",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-01-26T16:29:00.210",
  "references": [
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://jvn.jp/en/jp/JVN26200083/index.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://jvn.jp/en/jp/JVN26200083/index.html"
    }
  ],
  "sourceIdentifier": "vultures@jpcert.or.jp",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-601"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-XP3V-XRXH-VPV7

Vulnerability from github – Published: 2022-05-14 03:45 – Updated: 2022-05-14 03:45

Details

Open redirect vulnerability in GroupSession version 4.7.0 and earlier allows an attacker to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

Severity

6.1 (Medium)


                  
                    CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2017-2166"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-601"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-01-26T16:29:00Z",
    "severity": "MODERATE"
  },
  "details": "Open redirect vulnerability in GroupSession version 4.7.0 and earlier allows an attacker to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.",
  "id": "GHSA-xp3v-xrxh-vpv7",
  "modified": "2022-05-14T03:45:22Z",
  "published": "2022-05-14T03:45:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-2166"
    },
    {
      "type": "WEB",
      "url": "https://jvn.jp/en/jp/JVN26200083/index.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2017-2166

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Open redirect vulnerability in GroupSession version 4.7.0 and earlier allows an attacker to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

Aliases

CVE-2017-2166

Aliases

CVE-2017-2166

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2017-2166",
    "description": "Open redirect vulnerability in GroupSession version 4.7.0 and earlier allows an attacker to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.",
    "id": "GSD-2017-2166"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2017-2166"
      ],
      "details": "Open redirect vulnerability in GroupSession version 4.7.0 and earlier allows an attacker to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.",
      "id": "GSD-2017-2166",
      "modified": "2023-12-13T01:21:05.206048Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "vultures@jpcert.or.jp",
        "ID": "CVE-2017-2166",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "GroupSession",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "version 4.7.0 and earlier"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Japan Total System Co.,Ltd."
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Open redirect vulnerability in GroupSession version 4.7.0 and earlier allows an attacker to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Open Redirect"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "JVN#26200083",
            "refsource": "JVN",
            "url": "https://jvn.jp/en/jp/JVN26200083/index.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:groupsession:groupsession:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "4.7.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2017-2166"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Open redirect vulnerability in GroupSession version 4.7.0 and earlier allows an attacker to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-601"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "JVN#26200083",
              "refsource": "JVN",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "https://jvn.jp/en/jp/JVN26200083/index.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 4.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 2.7
        }
      },
      "lastModifiedDate": "2018-02-12T15:34Z",
      "publishedDate": "2018-01-26T16:29Z"
    }
  }
}

JVNDB-2018-000003

Vulnerability from jvndb - Published: 2018-01-19 14:19 - Updated:2018-04-11 11:37

Severity

4.7 (Medium) - cvssV3_0 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N

Summary

GroupSession vulnerable to open redirect

Details

GroupSession provided by Japan Total System Co.,Ltd. is an open source groupware. GroupSession contains an open redirect vulnerability (CWE-601). Norihiko Hirukawa of FiveDrive Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

References

Type

URL

	JVN	http://jvn.jp/en/jp/JVN26200083/index.html
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2166
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2017-2166
	Improper Input Validation(CWE-20)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

Vendor

Product

Japan Total System Co.,Ltd.

GroupSession

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000003.html",
  "dc:date": "2018-04-11T11:37+09:00",
  "dcterms:issued": "2018-01-19T14:19+09:00",
  "dcterms:modified": "2018-04-11T11:37+09:00",
  "description": "GroupSession provided by Japan Total System Co.,Ltd. is an open source groupware. GroupSession contains an open redirect vulnerability (CWE-601).\r\n\r\nNorihiko Hirukawa of FiveDrive Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000003.html",
  "sec:cpe": {
    "#text": "cpe:/a:groupsession:groupsession",
    "@product": "GroupSession",
    "@vendor": "Japan Total System Co.,Ltd.",
    "@version": "2.2"
  },
  "sec:cvss": [
    {
      "@score": "2.6",
      "@severity": "Low",
      "@type": "Base",
      "@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
      "@version": "2.0"
    },
    {
      "@score": "4.7",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2018-000003",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN26200083/index.html",
      "@id": "JVN#26200083",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2166",
      "@id": "CVE-2017-2166",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-2166",
      "@id": "CVE-2017-2166",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-20",
      "@title": "Improper Input Validation(CWE-20)"
    }
  ],
  "title": "GroupSession vulnerable to open redirect"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2017-2166 (GCVE-0-2017-2166)

CNVD-2018-04328

FKIE_CVE-2017-2166

GHSA-XP3V-XRXH-VPV7

GSD-2017-2166

JVNDB-2018-000003

Tags

Sightings

Nomenclature