CVE-2019-17636 - OpenCVE

In Eclipse Theia versions 0.3.9 through 0.15.0, one of the default pre-packaged Theia extensions is "Mini-Browser", published as "@theia/mini-browser" on npmjs.com. This extension, for its own needs, exposes a HTTP endpoint that allows to read the content of files on the host's filesystem, given their path, without restrictions on the requester's origin. This design is vulnerable to being exploited remotely through a DNS rebinding attack or a drive-by download of a carefully crafted exploit.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:P/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Eclipse	Theia

Configuration 1 [-]

cpe:2.3:a:eclipse:theia:*:*:*:*:*:*:*:*

References

Link	Resource
https://bugs.eclipse.org/bugs/show_bug.cgi?id=551747	Exploit Issue Tracking Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: eclipse

Published: 2020-03-10T14:30:14

Updated: 2020-03-10T14:30:14

Reserved: 2019-10-16T00:00:00

Link: CVE-2019-17636

JSON object: View

NVD Information

Status : Analyzed

Published: 2020-03-10T15:15:16.073

Modified: 2020-03-11T17:58:18.170

Link: CVE-2019-17636

JSON object: View

Redhat Information

No data.

CWE

CWE-345

{"containers": {"cna": {"affected": [{"product": "Eclipse Theia", "vendor": "The Eclipse Foundation", "versions": [{"status": "affected", "version": "0.3.9 to 0.15.0"}]}], "descriptions": [{"lang": "en", "value": "In Eclipse Theia versions 0.3.9 through 0.15.0, one of the default pre-packaged Theia extensions is \"Mini-Browser\", published as \"@theia/mini-browser\" on npmjs.com. This extension, for its own needs, exposes a HTTP endpoint that allows to read the content of files on the host's filesystem, given their path, without restrictions on the requester's origin. This design is vulnerable to being exploited remotely through a DNS rebinding attack or a drive-by download of a carefully crafted exploit."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-345", "description": "CWE: CWE-345: Insufficient Verification of Data Authenticity", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-03-10T14:30:14", "orgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c", "shortName": "eclipse"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=551747"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@eclipse.org", "ID": "CVE-2019-17636", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Eclipse Theia", "version": {"version_data": [{"version_value": "0.3.9 to 0.15.0"}]}}]}, "vendor_name": "The Eclipse Foundation"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In Eclipse Theia versions 0.3.9 through 0.15.0, one of the default pre-packaged Theia extensions is \"Mini-Browser\", published as \"@theia/mini-browser\" on npmjs.com. This extension, for its own needs, exposes a HTTP endpoint that allows to read the content of files on the host's filesystem, given their path, without restrictions on the requester's origin. This design is vulnerable to being exploited remotely through a DNS rebinding attack or a drive-by download of a carefully crafted exploit."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE: CWE-345: Insufficient Verification of Data Authenticity"}]}]}, "references": {"reference_data": [{"name": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=551747", "refsource": "CONFIRM", "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=551747"}]}}}}, "cveMetadata": {"assignerOrgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c", "assignerShortName": "eclipse", "cveId": "CVE-2019-17636", "datePublished": "2020-03-10T14:30:14", "dateReserved": "2019-10-16T00:00:00", "dateUpdated": "2020-03-10T14:30:14", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:eclipse:theia:*:*:*:*:*:*:*:*", "matchCriteriaId": "1F6DB8A4-6460-4D16-8F2D-80EF235DC616", "versionEndIncluding": "0.15.0", "versionStartIncluding": "0.3.9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In Eclipse Theia versions 0.3.9 through 0.15.0, one of the default pre-packaged Theia extensions is \"Mini-Browser\", published as \"@theia/mini-browser\" on npmjs.com. This extension, for its own needs, exposes a HTTP endpoint that allows to read the content of files on the host's filesystem, given their path, without restrictions on the requester's origin. This design is vulnerable to being exploited remotely through a DNS rebinding attack or a drive-by download of a carefully crafted exploit."}, {"lang": "es", "value": "En Eclipse Theia versiones 0.3.9 hasta la versi\u00f3n 0.15.0, una de las extensiones de Theia pre-empaquetadas predeterminadas es \"Mini-Browser\", publicada como \"@theia/mini-browser\" en npmjs.com. Esta extensi\u00f3n, para sus propias necesidades, expone un endpoint HTTP que permite leer el contenido de los archivos en el sistema de archivos del host, entregar su ruta, sin restricciones en el origen del solicitante. Este dise\u00f1o es vulnerable a ser explotado remotamente por medio de un ataque de tipo DNS rebinding o una descarga autom\u00e1tica de una explotaci\u00f3n cuidadosamente dise\u00f1ado."}], "id": "CVE-2019-17636", "lastModified": "2020-03-11T17:58:18.170", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-03-10T15:15:16.073", "references": [{"source": "emo@eclipse.org", "tags": ["Exploit", "Issue Tracking", "Vendor Advisory"], "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=551747"}], "sourceIdentifier": "emo@eclipse.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-345"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-345"}], "source": "emo@eclipse.org", "type": "Secondary"}]}