CVE-2013-7383 : x2gocleansessions in X2Go Server before 4.0.0.8 and 4.0.1.x before 4.0.1.10 allows remote authenticated users to gain pr

x2gocleansessions in X2Go Server before 4.0.0.8 and 4.0.1.x before 4.0.1.10 allows remote authenticated users to gain privileges via unspecified vectors, possibly related to backticks.

Published 2014-05-20 14:55:05

Updated 2014-05-21 18:47:58

Source MITRE

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2013-7383

Probability of exploitation activity in the next 30 days: 0.32%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 67 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2013-7383

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
9.0	HIGH	AV:N/AC:L/Au:S/C:C/I:C/A:C	8.0	10.0	NIST
Access Vector: Network Access Complexity: Low Authentication: Single Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

CWE ids for CVE-2013-7383

CWE-264

Assigned by: nvd@nist.gov (Primary)

References for CVE-2013-7383

http://security.gentoo.org/glsa/glsa-201405-26.xml

X2Go Server: Privilege Escalation (GLSA 201405-26) — Gentoo security
http://www.openwall.com/lists/oss-security/2014/05/19/4

oss-security - Re: CVE request: X2Go Server privilege escalation
http://permalink.gmane.org/gmane.linux.terminal-server.x2go.announce/83

Vendor Advisory
http://www.securityfocus.com/bid/65001

X2Go Server 'x2gocleansessions' Local Privilege Escalation Vulnerability
http://www.openwall.com/lists/oss-security/2014/05/18/1

oss-security - CVE request: X2Go Server privilege escalation

Products affected by CVE-2013-7383

X2go » X2go Server
Versions up to, including, (<=) 4.0.0.7
cpe:2.3:a:x2go:x2go_server:*:*:*:*:*:*:*:*
Matching versions
X2go » X2go Server » Version: 4.0.0.0
cpe:2.3:a:x2go:x2go_server:4.0.0.0:*:*:*:*:*:*:*
Matching versions
X2go » X2go Server » Version: 4.0.1.4
cpe:2.3:a:x2go:x2go_server:4.0.1.4:*:*:*:*:*:*:*
Matching versions
X2go » X2go Server » Version: 4.0.1.2
cpe:2.3:a:x2go:x2go_server:4.0.1.2:*:*:*:*:*:*:*
Matching versions
X2go » X2go Server » Version: 4.0.0.6
cpe:2.3:a:x2go:x2go_server:4.0.0.6:*:*:*:*:*:*:*
Matching versions
X2go » X2go Server » Version: 4.0.0.3
cpe:2.3:a:x2go:x2go_server:4.0.0.3:*:*:*:*:*:*:*
Matching versions
X2go » X2go Server » Version: 4.0.1.5
cpe:2.3:a:x2go:x2go_server:4.0.1.5:*:*:*:*:*:*:*
Matching versions
X2go » X2go Server » Version: 4.0.1.3
cpe:2.3:a:x2go:x2go_server:4.0.1.3:*:*:*:*:*:*:*
Matching versions
X2go » X2go Server » Version: 4.0.0.4
cpe:2.3:a:x2go:x2go_server:4.0.0.4:*:*:*:*:*:*:*
Matching versions
X2go » X2go Server » Version: 4.0.1.9
cpe:2.3:a:x2go:x2go_server:4.0.1.9:*:*:*:*:*:*:*
Matching versions
X2go » X2go Server » Version: 4.0.1.8
cpe:2.3:a:x2go:x2go_server:4.0.1.8:*:*:*:*:*:*:*
Matching versions
X2go » X2go Server » Version: 4.0.1.7
cpe:2.3:a:x2go:x2go_server:4.0.1.7:*:*:*:*:*:*:*
Matching versions
X2go » X2go Server » Version: 4.0.1.6
cpe:2.3:a:x2go:x2go_server:4.0.1.6:*:*:*:*:*:*:*
Matching versions
X2go » X2go Server » Version: 4.0.1.1
cpe:2.3:a:x2go:x2go_server:4.0.1.1:*:*:*:*:*:*:*
Matching versions
X2go » X2go Server » Version: 4.0.1.0
cpe:2.3:a:x2go:x2go_server:4.0.1.0:*:*:*:*:*:*:*
Matching versions
X2go » X2go Server » Version: 4.0.0.2
cpe:2.3:a:x2go:x2go_server:4.0.0.2:*:*:*:*:*:*:*
Matching versions
X2go » X2go Server » Version: 4.0.0.1
cpe:2.3:a:x2go:x2go_server:4.0.0.1:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2013-7383

Exploit prediction scoring system (EPSS) score for CVE-2013-7383

CVSS scores for CVE-2013-7383

CWE ids for CVE-2013-7383

References for CVE-2013-7383

Products affected by CVE-2013-7383