CVE-2017-20052
Published: 16 June 2022
A vulnerability classified as problematic was found in Python 2.7.13. This vulnerability affects unknown code of the component pgAdmin4. The manipulation leads to uncontrolled search path. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Notes
| Author | Note |
|---|---|
| mdeslaur | This issue allows loading a malicious DLL from an untrusted path when launching the pgAdmin4 tool. According to the pgAdmin4 team, this is actually an issue in Python. Since DLL loading is in a windows-specific codebase, and is different in Linux, I am marking this issue as not-affected. |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
python Launchpad, Ubuntu, Debian |
upstream |
Not vulnerable
(windows specific)
|
|
python2.7 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(windows specific)
|
| focal |
Not vulnerable
(windows specific)
|
|
| impish |
Not vulnerable
(windows specific)
|
|
| jammy |
Not vulnerable
(windows specific)
|
|
| trusty |
Not vulnerable
(windows specific)
|
|
| upstream |
Not vulnerable
(windows specific)
|
|
| xenial |
Not vulnerable
(windows specific)
|
|
|
python3.10 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| focal |
Does not exist
|
|
| impish |
Not vulnerable
(windows specific)
|
|
| jammy |
Not vulnerable
(windows specific)
|
|
| trusty |
Does not exist
|
|
| upstream |
Not vulnerable
(windows specific)
|
|
| xenial |
Does not exist
|
|
|
python3.4 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| focal |
Does not exist
|
|
| impish |
Does not exist
|
|
| jammy |
Does not exist
|
|
| trusty |
Not vulnerable
(windows specific)
|
|
| upstream |
Not vulnerable
(windows specific)
|
|
| xenial |
Does not exist
|
|
|
python3.5 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| focal |
Does not exist
|
|
| impish |
Does not exist
|
|
| jammy |
Does not exist
|
|
| trusty |
Not vulnerable
(windows specific)
|
|
| upstream |
Not vulnerable
(windows specific)
|
|
| xenial |
Not vulnerable
(windows specific)
|
|
|
python3.6 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(windows specific)
|
| focal |
Does not exist
|
|
| impish |
Does not exist
|
|
| jammy |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Not vulnerable
(windows specific)
|
|
| xenial |
Does not exist
|
|
|
python3.7 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(windows specific)
|
| focal |
Does not exist
|
|
| impish |
Does not exist
|
|
| jammy |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Not vulnerable
(windows specific)
|
|
| xenial |
Does not exist
|
|
|
python3.8 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(windows specific)
|
| focal |
Not vulnerable
(windows specific)
|
|
| impish |
Does not exist
|
|
| jammy |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Not vulnerable
(windows specific)
|
|
| xenial |
Does not exist
|
|
|
python3.9 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| focal |
Not vulnerable
(windows specific)
|
|
| impish |
Not vulnerable
(windows specific)
|
|
| jammy |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Not vulnerable
(windows specific)
|
|
| xenial |
Does not exist
|
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 7.8 |
| Attack vector | Local |
| Attack complexity | Low |
| Privileges required | None |
| User interaction | Required |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity impact | High |
| Availability impact | High |
| Vector | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |