CVE-2002-0096 - Vulnerability Details - OpenCVE

The installation of Geeklog 1.3 creates an extra group_assignments record which is not properly deleted, which causes the first newly created user to be added to the GroupAdmin and UserAdmin groups, which could provide that user with administrative privileges that were not intended.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Geeklog	Geeklog

Configuration 1 [-]

cpe:2.3:a:geeklog:geeklog:1.3:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://geeklog.sourceforge.net/index.php?topic=Security
http://www.iss.net/security_center/static/7780.php
http://www.securityfocus.com/archive/1/248367
http://www.securityfocus.com/bid/3783

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2002-06-25T04:00:00

Updated: 2024-08-08T02:35:17.498Z

Reserved: 2002-03-15T00:00:00

Link: CVE-2002-0096

Vulnrichment

No data.

NVD

Status : Modified

Published: 2002-03-25T05:00:00.000

Modified: 2024-11-20T23:38:18.110

Link: CVE-2002-0096

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2002-01-03T00:00:00", "descriptions": [{"lang": "en", "value": "The installation of Geeklog 1.3 creates an extra group_assignments record which is not properly deleted, which causes the first newly created user to be added to the GroupAdmin and UserAdmin groups, which could provide that user with administrative privileges that were not intended."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2002-03-22T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "geeklog-default-admin-privileges(7780)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "http://www.iss.net/security_center/static/7780.php"}, {"name": "3783", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/3783"}, {"name": "20020103 Vulnerability in new user creation in Geeklog 1.3", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/248367"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://geeklog.sourceforge.net/index.php?topic=Security"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2002-0096", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The installation of Geeklog 1.3 creates an extra group_assignments record which is not properly deleted, which causes the first newly created user to be added to the GroupAdmin and UserAdmin groups, which could provide that user with administrative privileges that were not intended."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "geeklog-default-admin-privileges(7780)", "refsource": "XF", "url": "http://www.iss.net/security_center/static/7780.php"}, {"name": "3783", "refsource": "BID", "url": "http://www.securityfocus.com/bid/3783"}, {"name": "20020103 Vulnerability in new user creation in Geeklog 1.3", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/248367"}, {"name": "http://geeklog.sourceforge.net/index.php?topic=Security", "refsource": "CONFIRM", "url": "http://geeklog.sourceforge.net/index.php?topic=Security"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-08T02:35:17.498Z"}, "title": "CVE Program Container", "references": [{"name": "geeklog-default-admin-privileges(7780)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "http://www.iss.net/security_center/static/7780.php"}, {"name": "3783", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/3783"}, {"name": "20020103 Vulnerability in new user creation in Geeklog 1.3", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/248367"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://geeklog.sourceforge.net/index.php?topic=Security"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2002-0096", "datePublished": "2002-06-25T04:00:00", "dateReserved": "2002-03-15T00:00:00", "dateUpdated": "2024-08-08T02:35:17.498Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:geeklog:geeklog:1.3:*:*:*:*:*:*:*", "matchCriteriaId": "2EE5B106-CE02-4864-A1FB-B18F66876383", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The installation of Geeklog 1.3 creates an extra group_assignments record which is not properly deleted, which causes the first newly created user to be added to the GroupAdmin and UserAdmin groups, which could provide that user with administrative privileges that were not intended."}, {"lang": "es", "value": "La instalaci\u00f3n de Geeklog 1.3 crea un registro \"group_assignments\" extra que no se borra apropiadamente, lo que produce que el primer usuario nuevamente creado sea a\u00f1adido a los grupos GroupAdmin y UserAdmin, lo que podr\u00eda proveer a ese usuario con privilegios adminstrativos no pretendidos."}], "id": "CVE-2002-0096", "lastModified": "2024-11-20T23:38:18.110", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2002-03-25T05:00:00.000", "references": [{"source": "cve@mitre.org", "url": "http://geeklog.sourceforge.net/index.php?topic=Security"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.iss.net/security_center/static/7780.php"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.securityfocus.com/archive/1/248367"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.securityfocus.com/bid/3783"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://geeklog.sourceforge.net/index.php?topic=Security"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.iss.net/security_center/static/7780.php"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.securityfocus.com/archive/1/248367"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.securityfocus.com/bid/3783"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}