CVE-2018-14772 - OpenCVE

Pydio 4.2.1 through 8.2.1 has an authenticated remote code execution vulnerability in which an attacker with administrator access to the web application can execute arbitrary code on the underlying system via Command Injection.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:S/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Pydio	Pydio

Configuration 1 [-]

cpe:2.3:a:pydio:pydio:*:*:*:*:*:*:*:*

References

Link	Resource
http://coastalsec.io/cve-2018-14772-remote-code-execution	Patch Technical Description Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2018-10-16T22:00:00

Updated: 2018-10-16T21:57:01

Reserved: 2018-07-31T00:00:00

Link: CVE-2018-14772

JSON object: View

NVD Information

Status : Analyzed

Published: 2018-10-16T22:29:01.603

Modified: 2020-08-24T17:37:01.140

Link: CVE-2018-14772

JSON object: View

Redhat Information

No data.

CWE

CWE-78

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:pydio:pydio:*:*:*:*:*:*:*:*", "matchCriteriaId": "A8A2CB60-BBC5-4477-9EA3-29B23C13A396", "versionEndIncluding": "8.2.1", "versionStartIncluding": "4.2.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Pydio 4.2.1 through 8.2.1 has an authenticated remote code execution vulnerability in which an attacker with administrator access to the web application can execute arbitrary code on the underlying system via Command Injection."}, {"lang": "es", "value": "Pydio, desde la versi\u00f3n 4.2.1 hasta la 8.2.1, tiene una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo autenticada por la que un atacante con acceso de administrador a la aplicaci\u00f3n web puede ejecutar c\u00f3digo arbitrario en el sistema subyacente mediante una inyecci\u00f3n de comandos."}], "id": "CVE-2018-14772", "lastModified": "2020-08-24T17:37:01.140", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-10-16T22:29:01.603", "references": [{"source": "cve@mitre.org", "tags": ["Patch", "Technical Description", "Third Party Advisory"], "url": "http://coastalsec.io/cve-2018-14772-remote-code-execution"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "nvd@nist.gov", "type": "Primary"}]}