CVE-2017-20199
BaseFortify
Publication date: 2025-08-16
Last updated on: 2026-04-29
Assigner: VulDB
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| buttercup | buttercup | up to 1.0.1 (exclusive) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-266 | A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor. |
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability affects Buttercup buttercup-browser-extension up to version 0.14.2 and involves improper access controls in an unknown functionality. It can be exploited remotely, but the attack complexity is rather high and exploitation is difficult. The vulnerability has been publicly disclosed and may be used by attackers. Upgrading to version 1.0.1 addresses the issue.
How can this vulnerability impact me?
The improper access controls could allow unauthorized remote access to certain functionality within the affected software. The impact is limited, however: the attack complexity is high, exploitation is difficult, and only confidentiality is affected, to a limited extent. Integrity and availability are not affected.
What immediate steps should I take to mitigate this vulnerability?
Upgrade the Buttercup buttercup-browser-extension to version 1.0.1, as this version addresses the vulnerability. Since the affected products are no longer supported by the maintainer, upgrading is the recommended mitigation step.