CVE-2018-20718 - OpenCVE

In Pydio before 8.2.2, an attack is possible via PHP Object Injection because a user is allowed to use the $phpserial$a:0:{} syntax to store a preference. An attacker either needs a "public link" of a file, or access to any unprivileged user account for creation of such a link.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Pydio	Pydio

Configuration 1 [-]

cpe:2.3:a:pydio:pydio:*:*:*:*:*:*:*:*

References

Link	Resource
https://blog.ripstech.com/2018/pydio-unauthenticated-remote-code-execution/	Exploit Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2019-01-15T16:00:00

Updated: 2019-01-15T16:57:01

Reserved: 2019-01-15T00:00:00

Link: CVE-2018-20718

JSON object: View

NVD Information

Status : Analyzed

Published: 2019-01-15T16:29:00.663

Modified: 2020-08-24T17:37:01.140

Link: CVE-2018-20718

JSON object: View

Redhat Information

No data.

CWE

CWE-502

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:pydio:pydio:*:*:*:*:*:*:*:*", "matchCriteriaId": "0CB228C9-FEDE-4819-BD5A-F2F2A341FAC4", "versionEndExcluding": "8.2.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In Pydio before 8.2.2, an attack is possible via PHP Object Injection because a user is allowed to use the $phpserial$a:0:{} syntax to store a preference. An attacker either needs a \"public link\" of a file, or access to any unprivileged user account for creation of such a link."}, {"lang": "es", "value": "En Pydio, en versiones anteriores a la 8.2.2, es posible un ataque mediante una inyecci\u00f3n de objetos PHP debido a que un usuario puede emplear la sintaxis $phpserial$a:0:{} para almacenar una preferencia. Un atacante necesitar\u00eda un \"enlace p\u00fablico\" a un archivo o acceso a cualquier cuenta de usuario sin privilegios para crear tal enlace."}], "id": "CVE-2018-20718", "lastModified": "2020-08-24T17:37:01.140", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-01-15T16:29:00.663", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://blog.ripstech.com/2018/pydio-unauthenticated-remote-code-execution/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-502"}], "source": "nvd@nist.gov", "type": "Primary"}]}