CVE-2017-1000192
critical
CVSS v3: 9.8
CVSS v2: 5.0
VIR risk: 9.8
Description
Cygnux sysPass version 2.1.7 and older is vulnerable to a Local File Inclusion in its JavaScript file inclusion functionality. An attacker can read the configuration files that contain the database login and password, the private encryption key, and other sensitive information.
Predictions
Exploit likelihood: 97%
Patch ETA: —
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: cve@mitre.org — https://github.com/nuxsmin/sysPass/releases/tag/2.1.8.17042901
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| cygnux | syspass | ≤ 2.1.7 | |