{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-04-11T00:00:00", "descriptions": [{"lang": "en", "value": "The Jetpack plugin before 1.9 before 1.9.4, 2.0.x before 2.0.9, 2.1.x before 2.1.4, 2.2.x before 2.2.7, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.2, 2.6.x before 2.6.3, 2.7.x before 2.7.2, 2.8.x before 2.8.2, and 2.9.x before 2.9.3 for WordPress does not properly restrict access to the XML-RPC service, which allows remote attackers to bypass intended restrictions and publish posts via unspecified vectors. NOTE: some of these details are obtained from third party information."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-28T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://jetpack.me/2014/04/10/jetpack-security-update/"}, {"name": "66789", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/66789"}, {"name": "jetpack-wordpress-cve20140173-sec-bypass(92560)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92560"}, {"name": "57729", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/57729"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2014-0173", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Jetpack plugin before 1.9 before 1.9.4, 2.0.x before 2.0.9, 2.1.x before 2.1.4, 2.2.x before 2.2.7, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.2, 2.6.x before 2.6.3, 2.7.x before 2.7.2, 2.8.x before 2.8.2, and 2.9.x before 2.9.3 for WordPress does not properly restrict access to the XML-RPC service, which allows remote attackers to bypass intended restrictions and publish posts via unspecified vectors. NOTE: some of these details are obtained from third party information."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://jetpack.me/2014/04/10/jetpack-security-update/", "refsource": "CONFIRM", "url": "http://jetpack.me/2014/04/10/jetpack-security-update/"}, {"name": "66789", "refsource": "BID", "url": "http://www.securityfocus.com/bid/66789"}, {"name": "jetpack-wordpress-cve20140173-sec-bypass(92560)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92560"}, {"name": "57729", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/57729"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T09:05:39.297Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://jetpack.me/2014/04/10/jetpack-security-update/"}, {"name": "66789", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/66789"}, {"name": "jetpack-wordpress-cve20140173-sec-bypass(92560)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92560"}, {"name": "57729", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/57729"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2014-0173", "datePublished": "2014-04-21T14:00:00", "dateReserved": "2013-12-03T00:00:00", "dateUpdated": "2024-08-06T09:05:39.297Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:automattic:jetpack:1.9:*:*:*:*:wordpress:*:*", "matchCriteriaId": "5465AA1E-D2F0-4152-A6E3-9FA232CCF47B", "vulnerable": true}, {"criteria": "cpe:2.3:a:automattic:jetpack:1.9.1:*:*:*:*:wordpress:*:*", "matchCriteriaId": "04AE244E-6F46-4A38-9A54-6E1DB84DE901", "vulnerable": true}, {"criteria": "cpe:2.3:a:automattic:jetpack:1.9.2:*:*:*:*:wordpress:*:*", "matchCriteriaId": "3A11DA6F-046B-4E55-84A3-FA3BC58A9E88", "vulnerable": true}, {"criteria": "cpe:2.3:a:automattic:jetpack:2.0:*:*:*:*:wordpress:*:*", "matchCriteriaId": "96268538-B603-4164-BD80-D652A83A0DDC", "vulnerable": true}, {"criteria": "cpe:2.3:a:automattic:jetpack:2.0.1:*:*:*:*:wordpress:*:*", "matchCriteriaId": "A9B6F00B-4B90-4933-8A06-7198A190FBE4", "vulnerable": true}, {"criteria": "cpe:2.3:a:automattic:jetpack:2.0.2:*:*:*:*:wordpress:*:*", "matchCriteriaId": "98DF6337-F098-4E62-B836-866C964E073E", "vulnerable": true}, {"criteria": "cpe:2.3:a:automattic:jetpack:2.0.3:*:*:*:*:wordpress:*:*", "matchCriteriaId": "D307AB75-60CE-44BE-A6AD-DE8C53B81E64", "vulnerable": true}, {"criteria": "cpe:2.3:a:automattic:jetpack:2.0.4:*:*:*:*:wordpress:*:*", "matchCriteriaId": "A5D4675F-AB54-4227-83BF-EE29EDFD7B0C", "vulnerable": true}, {"criteria": "cpe:2.3:a:automattic:jetpack:2.1:*:*:*:*:wordpress:*:*", "matchCriteriaId": "BE126651-479E-4669-A4A8-445C45F0B39E", "vulnerable": true}, {"criteria": "cpe:2.3:a:automattic:jetpack:2.1.1:*:*:*:*:wordpress:*:*", "matchCriteriaId": "CBACDFB5-1B3C-4BAC-B729-FF3249242F96", "vulnerable": true}, {"criteria": "cpe:2.3:a:automattic:jetpack:2.1.2:*:*:*:*:wordpress:*:*", "matchCriteriaId": "D5BE7990-72DB-47D7-8795-3D2E55A89F68", "vulnerable": true}, {"criteria": "cpe:2.3:a:automattic:jetpack:2.2:*:*:*:*:wordpress:*:*", "matchCriteriaId": "50CE0762-101F-4C4A-A095-93B123430B91", "vulnerable": true}, {"criteria": "cpe:2.3:a:automattic:jetpack:2.2.1:*:*:*:*:wordpress:*:*", "matchCriteriaId": "50C87C2D-1E4E-42D4-8241-026FABE6A553", "vulnerable": true}, {"criteria": "cpe:2.3:a:automattic:jetpack:2.2.2:*:*:*:*:wordpress:*:*", "matchCriteriaId": "424DE391-BBAB-4F6F-A6B8-D4411C333C12", "vulnerable": true}, {"criteria": "cpe:2.3:a:automattic:jetpack:2.2.3:*:*:*:*:wordpress:*:*", "matchCriteriaId": "533E86A1-A1A0-45A4-9B57-F74E39F2D9B5", "vulnerable": true}, {"criteria": "cpe:2.3:a:automattic:jetpack:2.2.4:*:*:*:*:wordpress:*:*", "matchCriteriaId": "B5F2C07B-7D37-4785-8FB9-BCE44D67C1E5", "vulnerable": true}, {"criteria": "cpe:2.3:a:automattic:jetpack:2.2.5:*:*:*:*:wordpress:*:*", "matchCriteriaId": "6A70B3E3-E222-4980-BB89-3D031C9152DE", "vulnerable": true}, {"criteria": "cpe:2.3:a:automattic:jetpack:2.3:*:*:*:*:wordpress:*:*", "matchCriteriaId": "61DAD647-51F5-41A9-9E7A-4E29AF14CE0D", "vulnerable": true}, {"criteria": "cpe:2.3:a:automattic:jetpack:2.3.1:*:*:*:*:wordpress:*:*", "matchCriteriaId": "9942C264-5C4B-4046-B3C7-F3CA95BFA2B7", "vulnerable": true}, {"criteria": "cpe:2.3:a:automattic:jetpack:2.3.2:*:*:*:*:wordpress:*:*", "matchCriteriaId": "43FA2519-9D13-4EC3-B43C-E8E334192B7F", "vulnerable": true}, {"criteria": "cpe:2.3:a:automattic:jetpack:2.3.3:*:*:*:*:wordpress:*:*", "matchCriteriaId": "4F24E0A1-F7FC-4679-AD0F-BCAD09F039D3", "vulnerable": true}, {"criteria": "cpe:2.3:a:automattic:jetpack:2.3.4:*:*:*:*:wordpress:*:*", "matchCriteriaId": "63D784CB-AF36-480C-BD39-575EFA2174ED", "vulnerable": true}, {"criteria": "cpe:2.3:a:automattic:jetpack:2.3.5:*:*:*:*:wordpress:*:*", "matchCriteriaId": "E10444B2-17DC-476C-9D25-4E4E4F857BD3", "vulnerable": true}, {"criteria": "cpe:2.3:a:automattic:jetpack:2.4:*:*:*:*:wordpress:*:*", "matchCriteriaId": "CE26F4B0-4125-45A4-9942-3F4B4A4FD5EE", "vulnerable": true}, {"criteria": "cpe:2.3:a:automattic:jetpack:2.4.1:*:*:*:*:wordpress:*:*", "matchCriteriaId": "741CF1D7-5CF3-4A80-9E67-3994AB8F0819", "vulnerable": true}, {"criteria": "cpe:2.3:a:automattic:jetpack:2.4.2:*:*:*:*:wordpress:*:*", "matchCriteriaId": "E0EBB7A8-7CA1-4B21-8CB7-1BCAACDE0023", "vulnerable": true}, {"criteria": "cpe:2.3:a:automattic:jetpack:2.5:*:*:*:*:wordpress:*:*", "matchCriteriaId": "2A8B3F25-4ED3-4AFA-8DD5-452D0DB04AD4", "vulnerable": true}, {"criteria": "cpe:2.3:a:automattic:jetpack:2.6:*:*:*:*:wordpress:*:*", "matchCriteriaId": "FD46AF5F-ED2B-4398-89EB-72C3BBDDB738", "vulnerable": true}, {"criteria": "cpe:2.3:a:automattic:jetpack:2.6.1:*:*:*:*:wordpress:*:*", "matchCriteriaId": "3F19C429-7B02-4A3B-AEDD-F96C9A09C626", "vulnerable": true}, {"criteria": "cpe:2.3:a:automattic:jetpack:2.7:*:*:*:*:wordpress:*:*", "matchCriteriaId": "30163557-FBC3-4DFD-BDBC-1DCE2DE651DA", "vulnerable": true}, {"criteria": "cpe:2.3:a:automattic:jetpack:2.8:*:*:*:*:wordpress:*:*", "matchCriteriaId": "80D0896F-2EF5-44BA-A346-F55240DE4024", "vulnerable": true}, {"criteria": "cpe:2.3:a:automattic:jetpack:2.9:*:*:*:*:wordpress:*:*", "matchCriteriaId": "12E69FA4-004C-4F02-9151-4652D2A317CA", "vulnerable": true}, {"criteria": "cpe:2.3:a:automattic:jetpack:2.9.1:*:*:*:*:wordpress:*:*", "matchCriteriaId": "234DDD15-11B2-4CEF-8CF2-A4A9B35C4069", "vulnerable": true}, {"criteria": "cpe:2.3:a:automattic:jetpack:2.9.2:*:*:*:*:wordpress:*:*", "matchCriteriaId": "09018C46-240E-4496-8F9B-AC2D7FF912DD", "vulnerable": true}, {"criteria": "cpe:2.3:a:automattic:jetpack:2.9.3:*:*:*:*:wordpress:*:*", "matchCriteriaId": "D4981064-C981-4E52-9819-A00779873A74", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The Jetpack plugin before 1.9 before 1.9.4, 2.0.x before 2.0.9, 2.1.x before 2.1.4, 2.2.x before 2.2.7, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.2, 2.6.x before 2.6.3, 2.7.x before 2.7.2, 2.8.x before 2.8.2, and 2.9.x before 2.9.3 for WordPress does not properly restrict access to the XML-RPC service, which allows remote attackers to bypass intended restrictions and publish posts via unspecified vectors. NOTE: some of these details are obtained from third party information."}, {"lang": "es", "value": "El plugin Jetpack anterior a 1.9 anterior a 1.9.4, 2.0.x anterior a 2.0.9, 2.1.x anterior a 2.1.4, 2.2.x anterior a 2.2.7, 2.3.x anterior a 2.3.7, 2.4.x anterior a 2.4.4, 2.5.x anterior a 2.5.2, 2.6.x anterior a 2.6.3, 2.7.x anterior a 2.7.2, 2.8.x anterior a 2.8.2 y 2.9.x anterior a 2.9.3 para WordPress no restringe debidamente acceso al servicio XML-RPC, lo que permite a atacantes remotos evadir restricciones y publicar mensajes a trav\u00e9s de vectores no especificados. NOTA: algunos de estos detalles se obtienen de informaci\u00f3n de terceras partes."}], "id": "CVE-2014-0173", "lastModified": "2024-11-21T02:01:33.533", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-04-22T13:06:27.023", "references": [{"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://jetpack.me/2014/04/10/jetpack-security-update/"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/57729"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/66789"}, {"source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92560"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://jetpack.me/2014/04/10/jetpack-security-update/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/57729"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/66789"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92560"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}