CVE-2019-9889 - OpenCVE

In Vanilla before 2.6.4, a flaw exists within the getSingleIndex function of the AddonManager class. The issue results in a require call using a crafted type value, leading to Directory Traversal with File Inclusion. An attacker can leverage this vulnerability to execute code under the context of the web server.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:S/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Vanillaforums	Vanilla

Configuration 1 [-]

cpe:2.3:a:vanillaforums:vanilla:*:*:*:*:*:*:*:*

References

Link	Resource
https://github.com/vanilla/vanilla/compare/b043ae8...9f12b22	Third Party Advisory
https://github.com/vanilla/vanilla/pull/7840	Third Party Advisory
https://hackerone.com/reports/411140	Exploit Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2019-03-20T22:12:27

Updated: 2019-03-20T22:12:27

Reserved: 2019-03-20T00:00:00

Link: CVE-2019-9889

JSON object: View

NVD Information

Status : Analyzed

Published: 2019-03-21T16:01:17.627

Modified: 2019-03-26T14:09:25.307

Link: CVE-2019-9889

JSON object: View

Redhat Information

No data.

CWE

CWE-22

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "In Vanilla before 2.6.4, a flaw exists within the getSingleIndex function of the AddonManager class. The issue results in a require call using a crafted type value, leading to Directory Traversal with File Inclusion. An attacker can leverage this vulnerability to execute code under the context of the web server."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-03-20T22:12:27", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://hackerone.com/reports/411140"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/vanilla/vanilla/pull/7840"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/vanilla/vanilla/compare/b043ae8...9f12b22"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-9889", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In Vanilla before 2.6.4, a flaw exists within the getSingleIndex function of the AddonManager class. The issue results in a require call using a crafted type value, leading to Directory Traversal with File Inclusion. An attacker can leverage this vulnerability to execute code under the context of the web server."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://hackerone.com/reports/411140", "refsource": "MISC", "url": "https://hackerone.com/reports/411140"}, {"name": "https://github.com/vanilla/vanilla/pull/7840", "refsource": "MISC", "url": "https://github.com/vanilla/vanilla/pull/7840"}, {"name": "https://github.com/vanilla/vanilla/compare/b043ae8...9f12b22", "refsource": "MISC", "url": "https://github.com/vanilla/vanilla/compare/b043ae8...9f12b22"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-9889", "datePublished": "2019-03-20T22:12:27", "dateReserved": "2019-03-20T00:00:00", "dateUpdated": "2019-03-20T22:12:27", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:vanillaforums:vanilla:*:*:*:*:*:*:*:*", "matchCriteriaId": "43589609-CB2B-4C9D-8DEE-47447B8AFA56", "versionEndExcluding": "2.6.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In Vanilla before 2.6.4, a flaw exists within the getSingleIndex function of the AddonManager class. The issue results in a require call using a crafted type value, leading to Directory Traversal with File Inclusion. An attacker can leverage this vulnerability to execute code under the context of the web server."}, {"lang": "es", "value": "En Vanilla, en versiones anteriores a la 2.6.4, existe un error en la funci\u00f3n getSingleIndex de la clase AddonManager. Este problema resulta en una llamada \"require\" que emplea un valor de tipo manipulado, lo que conduce a un salto de directorio con una inclusi\u00f3n de archivos. Un atacante podr\u00eda aprovecharse de esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del servidor web."}], "id": "CVE-2019-9889", "lastModified": "2019-03-26T14:09:25.307", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 2.7, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 1.2, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-03-21T16:01:17.627", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://github.com/vanilla/vanilla/compare/b043ae8...9f12b22"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://github.com/vanilla/vanilla/pull/7840"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://hackerone.com/reports/411140"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}