CVE-2017-20199

LOW EPSS 34.2%
Published Aug 16, 202510mo ago · Modified Jun 17, 20262w ago
1.3 CVSS 4.0
Low
Find Similar
Published Aug 16, 2025 10mo ago
Last Modified Jun 17, 2026 2w ago

Description

A vulnerability was found in Buttercup buttercup-browser-extension up to 0.14.2. Affected by this vulnerability is an unknown functionality of the component Vault Handler. The manipulation results in improper access controls. The attack may be performed from a remote location. A high complexity level is associated with this attack. The exploitation appears to be difficult. The exploit has been made public and could be used. Upgrading to version 1.0.1 addresses this issue. The patch is identified as 89. Upgrading the affected component is recommended. This vulnerability only affects products that are no longer supported by the maintainer.

CVSS Details

Base Score
1.3
Exploitability
Impact
Vector string
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector Network
Attack Complexity High
Privileges Required None
User Interaction P
Scope X

Threat Intelligence

EPSS Exploit Probability
34.2% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 2

CWE-266
CWE-284

Affected Products 1

VendorProductVersionRange
buttercupbuttercup* <1.0.1

References 8

  • github.com https://github.com/buttercup/buttercup-browser-extension/issues/92
    Issue Tracking
  • github.com https://github.com/buttercup/buttercup-browser-extension/issues/92#issuecomment-358449755
    Issue Tracking
  • github.com https://github.com/buttercup/buttercup-browser-extension/issues/92#issuecomment-372991430
    Issue Tracking
  • github.com https://github.com/buttercup/buttercup-browser-extension/pull/89
    Patch
  • github.com https://github.com/buttercup/buttercup-browser-extension/releases/tag/v1.0.1
    Release Notes
  • vuldb.com https://vuldb.com/?ctiid.319969
    Permissions RequiredVDB Entry
  • vuldb.com https://vuldb.com/?id.319969
    Third Party AdvisoryVDB Entry
  • vuldb.com https://vuldb.com/?submit.628170
    Third Party AdvisoryVDB Entry

Remediation

  • github.com https://github.com/buttercup/buttercup-browser-extension/pull/89
    Patch