CVE-2017-20199 LOW

CVE-2017-20199: Buttercup buttercup-browser-extension Vault access control

Vendor Buttercup
Product buttercup-browser-extension
Weakness CWE-284
Published August 15, 2025
Last update August 27, 2025

CVSS base score

2.3/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P

What the vulnerability does

01Description

A vulnerability was found in Buttercup buttercup-browser-extension up to 0.14.2. Affected by this vulnerability is an unknown functionality of the component Vault Handler. The manipulation results in improper access controls. The attack may be performed from a remote location. A high complexity level is associated with this attack. The exploitation appears to be difficult. The exploit has been made public and could be used. Upgrading to version 1.0.1 addresses this issue. The patch is identified as 89. Upgrading the affected component is recommended. This vulnerability only affects products that are no longer supported by the maintainer.

Key dates

02Disclosure timeline

August 15, 2025 CVE published
August 27, 2025 Record updated