Vulnerability Description
Seafile Server before 3.1.2 and Server Professional Edition before 3.1.0 allow local users to gain privileges via vectors related to ccnet handling user accounts.
CVSS Score
7.8
HIGH
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Seafile | Seafile Server | < 3.1.2 |
Related Weaknesses (CWE)
References
- http://www.openwall.com/lists/oss-security/2014/08/24/3Mailing List
- http://www.securityfocus.com/bid/69360Third Party AdvisoryVDB Entry
- https://exchange.xforce.ibmcloud.com/vulnerabilities/95458Third Party AdvisoryVDB Entry
- https://manual.seafile.com/changelog/changelog-for-seafile-professional-server.hRelease Notes
- https://manual.seafile.com/changelog/server-changelog.htmlRelease Notes
- http://www.openwall.com/lists/oss-security/2014/08/24/3Mailing List
- http://www.securityfocus.com/bid/69360Third Party AdvisoryVDB Entry
- https://exchange.xforce.ibmcloud.com/vulnerabilities/95458Third Party AdvisoryVDB Entry
- https://manual.seafile.com/changelog/changelog-for-seafile-professional-server.hRelease Notes
- https://manual.seafile.com/changelog/server-changelog.htmlRelease Notes
FAQ
What is CVE-2014-5443?
CVE-2014-5443 is a vulnerability with a CVSS score of 7.8 (HIGH). Seafile Server before 3.1.2 and Server Professional Edition before 3.1.0 allow local users to gain privileges via vectors related to ccnet handling user accounts.
How severe is CVE-2014-5443?
CVE-2014-5443 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-5443?
Check the references section above for vendor advisories and patch information. Affected products include: Seafile Seafile Server.