CVE-2018-17605 - OpenCVE

An issue was discovered in the Asset Pipeline plugin before 3.0.4 for Grails. An attacker can perform directory traversal via a crafted request when a servlet-based application is executed in Jetty, because there is a classloader vulnerability that can allow a reverse file traversal route in AssetPipelineFilter.groovy or AssetPipelineFilterCore.groovy.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Asset Pipeline Project	Asset-pipeline

Configuration 1 [-]

cpe:2.3:a:asset_pipeline_project:asset-pipeline:*:*:*:*:*:grails:*:*

References

Link	Resource
https://github.com/bertramdev/asset-pipeline/commit/a29533c52e4b60e244082433e116d2a038d01017	Patch
https://github.com/grails/grails-core/issues/11068	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2018-09-28T09:00:00

Updated: 2018-09-28T08:57:01

Reserved: 2018-09-28T00:00:00

Link: CVE-2018-17605

JSON object: View

NVD Information

Status : Analyzed

Published: 2018-09-28T09:29:01.213

Modified: 2018-12-28T15:24:06.603

Link: CVE-2018-17605

JSON object: View

Redhat Information

No data.

CWE

CWE-22

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2018-09-28T00:00:00", "descriptions": [{"lang": "en", "value": "An issue was discovered in the Asset Pipeline plugin before 3.0.4 for Grails. An attacker can perform directory traversal via a crafted request when a servlet-based application is executed in Jetty, because there is a classloader vulnerability that can allow a reverse file traversal route in AssetPipelineFilter.groovy or AssetPipelineFilterCore.groovy."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-09-28T08:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/bertramdev/asset-pipeline/commit/a29533c52e4b60e244082433e116d2a038d01017"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/grails/grails-core/issues/11068"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-17605", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An issue was discovered in the Asset Pipeline plugin before 3.0.4 for Grails. An attacker can perform directory traversal via a crafted request when a servlet-based application is executed in Jetty, because there is a classloader vulnerability that can allow a reverse file traversal route in AssetPipelineFilter.groovy or AssetPipelineFilterCore.groovy."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://github.com/bertramdev/asset-pipeline/commit/a29533c52e4b60e244082433e116d2a038d01017", "refsource": "MISC", "url": "https://github.com/bertramdev/asset-pipeline/commit/a29533c52e4b60e244082433e116d2a038d01017"}, {"name": "https://github.com/grails/grails-core/issues/11068", "refsource": "MISC", "url": "https://github.com/grails/grails-core/issues/11068"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-17605", "datePublished": "2018-09-28T09:00:00", "dateReserved": "2018-09-28T00:00:00", "dateUpdated": "2018-09-28T08:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:asset_pipeline_project:asset-pipeline:*:*:*:*:*:grails:*:*", "matchCriteriaId": "6DA446E3-D96B-436C-99FF-57BFC65B8C0F", "versionEndExcluding": "3.0.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in the Asset Pipeline plugin before 3.0.4 for Grails. An attacker can perform directory traversal via a crafted request when a servlet-based application is executed in Jetty, because there is a classloader vulnerability that can allow a reverse file traversal route in AssetPipelineFilter.groovy or AssetPipelineFilterCore.groovy."}, {"lang": "es", "value": "Se ha descubierto un problema en el plugin Asset Pipeline en versiones anteriores a la 3.0.4 para Grails. Un atacante puede realizar un salto de directorio mediante una petici\u00f3n manipulada cuando una aplicaci\u00f3n basada en servlets se ejecuta en Jetty, debido a que hay una vulnerabilidad classloader que puede permitir una ruta de salto de archivos inverso en AssetPipelineFilter.groovy o AssetPipelineFilterCore.groovy."}], "id": "CVE-2018-17605", "lastModified": "2018-12-28T15:24:06.603", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-09-28T09:29:01.213", "references": [{"source": "cve@mitre.org", "tags": ["Patch"], "url": "https://github.com/bertramdev/asset-pipeline/commit/a29533c52e4b60e244082433e116d2a038d01017"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://github.com/grails/grails-core/issues/11068"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}