CVE-2019-7628 - OpenCVE

Pagure 5.2 leaks API keys by e-mailing them to users. Few e-mail servers validate TLS certificates, so it is easy for man-in-the-middle attackers to read these e-mails and gain access to Pagure on behalf of other users. This issue is found in the API token expiration reminder cron job in files/api_key_expire_mail.py; disabling that job is also a viable solution. (E-mailing a substring of the API key was an attempted, but rejected, solution.)

No CVSS v3.1

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:M/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Redhat	Pagure

Configuration 1 [-]

cpe:2.3:a:redhat:pagure:5.2:*:*:*:*:*:*:*

References

Link	Resource
https://pagure.io/pagure/c/9905fb1e64341822366b6ab1d414d2baa230af0a	Issue Tracking Patch Vendor Advisory
https://pagure.io/pagure/issue/4230	Issue Tracking Patch Vendor Advisory
https://pagure.io/pagure/issue/4252	Broken Link
https://pagure.io/pagure/issue/4253	Broken Link
https://pagure.io/pagure/pull-request/4254	Issue Tracking Patch Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2019-02-08T03:00:00

Updated: 2019-02-08T03:57:01

Reserved: 2019-02-07T00:00:00

Link: CVE-2019-7628

JSON object: View

NVD Information

Status : Analyzed

Published: 2019-02-08T03:29:00.327

Modified: 2019-02-21T14:23:30.150

Link: CVE-2019-7628

JSON object: View

Redhat Information

No data.

CWE

CWE-200

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2019-02-07T00:00:00", "descriptions": [{"lang": "en", "value": "Pagure 5.2 leaks API keys by e-mailing them to users. Few e-mail servers validate TLS certificates, so it is easy for man-in-the-middle attackers to read these e-mails and gain access to Pagure on behalf of other users. This issue is found in the API token expiration reminder cron job in files/api_key_expire_mail.py; disabling that job is also a viable solution. (E-mailing a substring of the API key was an attempted, but rejected, solution.)"}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-02-08T03:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://pagure.io/pagure/c/9905fb1e64341822366b6ab1d414d2baa230af0a"}, {"tags": ["x_refsource_MISC"], "url": "https://pagure.io/pagure/pull-request/4254"}, {"tags": ["x_refsource_MISC"], "url": "https://pagure.io/pagure/issue/4230"}, {"tags": ["x_refsource_MISC"], "url": "https://pagure.io/pagure/issue/4252"}, {"tags": ["x_refsource_MISC"], "url": "https://pagure.io/pagure/issue/4253"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-7628", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Pagure 5.2 leaks API keys by e-mailing them to users. Few e-mail servers validate TLS certificates, so it is easy for man-in-the-middle attackers to read these e-mails and gain access to Pagure on behalf of other users. This issue is found in the API token expiration reminder cron job in files/api_key_expire_mail.py; disabling that job is also a viable solution. (E-mailing a substring of the API key was an attempted, but rejected, solution.)"}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://pagure.io/pagure/c/9905fb1e64341822366b6ab1d414d2baa230af0a", "refsource": "MISC", "url": "https://pagure.io/pagure/c/9905fb1e64341822366b6ab1d414d2baa230af0a"}, {"name": "https://pagure.io/pagure/pull-request/4254", "refsource": "MISC", "url": "https://pagure.io/pagure/pull-request/4254"}, {"name": "https://pagure.io/pagure/issue/4230", "refsource": "MISC", "url": "https://pagure.io/pagure/issue/4230"}, {"name": "https://pagure.io/pagure/issue/4252", "refsource": "MISC", "url": "https://pagure.io/pagure/issue/4252"}, {"name": "https://pagure.io/pagure/issue/4253", "refsource": "MISC", "url": "https://pagure.io/pagure/issue/4253"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-7628", "datePublished": "2019-02-08T03:00:00", "dateReserved": "2019-02-07T00:00:00", "dateUpdated": "2019-02-08T03:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:pagure:5.2:*:*:*:*:*:*:*", "matchCriteriaId": "FD4F1B26-C35A-402F-AB2A-5368F7EA98B4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Pagure 5.2 leaks API keys by e-mailing them to users. Few e-mail servers validate TLS certificates, so it is easy for man-in-the-middle attackers to read these e-mails and gain access to Pagure on behalf of other users. This issue is found in the API token expiration reminder cron job in files/api_key_expire_mail.py; disabling that job is also a viable solution. (E-mailing a substring of the API key was an attempted, but rejected, solution.)"}, {"lang": "es", "value": "Pagure 5.2 filtra las claves API envi\u00e1ndoselas a los usuarios por correo electr\u00f3nico. Pocos servidores de correo electr\u00f3nico validan certificados TLS, por lo que es f\u00e1cil para un atacante Man-in-the-Middle (MitM) leer dichos correos y obtener acceso a Pagure en nombre de otros usuarios. Este problema se encuentra en el cron job del recordatorio de expiraci\u00f3n del token de la API en files/api_key_expire_mail.py; deshabilitar dicho job es tambi\u00e9n una posible soluci\u00f3n. (Se intent\u00f3 enviar una subcadena de la clave API, pero no fue una soluci\u00f3n v\u00e1lida)."}], "id": "CVE-2019-7628", "lastModified": "2019-02-21T14:23:30.150", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-02-08T03:29:00.327", "references": [{"source": "cve@mitre.org", "tags": ["Issue Tracking", "Patch", "Vendor Advisory"], "url": "https://pagure.io/pagure/c/9905fb1e64341822366b6ab1d414d2baa230af0a"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Patch", "Vendor Advisory"], "url": "https://pagure.io/pagure/issue/4230"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "https://pagure.io/pagure/issue/4252"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "https://pagure.io/pagure/issue/4253"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Patch", "Vendor Advisory"], "url": "https://pagure.io/pagure/pull-request/4254"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}