CVE-2020-25803 - OpenCVE

Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via FreeMarker template exposed objects. This issue affects: Crafter Software Crafter CMS 3.0 versions prior to 3.0.27; 3.1 versions prior to 3.1.7.

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:S/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Craftercms	Studio

Configuration 1 [-]

OR	cpe:2.3:a:craftercms:studio::::::::
	cpe:2.3:a:craftercms:studio::::::::

References

Link	Resource
https://docs.craftercms.org/en/3.1/security/advisory.html#cv-2020080102	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: crafter

Published: 2020-08-01T00:00:00

Updated: 2020-10-06T14:21:40

Reserved: 2020-09-22T00:00:00

Link: CVE-2020-25803

JSON object: View

NVD Information

Status : Analyzed

Published: 2020-10-06T15:15:15.210

Modified: 2020-10-09T23:11:10.293

Link: CVE-2020-25803

JSON object: View

Redhat Information

No data.

CWE

CWE-913

{"containers": {"cna": {"affected": [{"product": "Crafter CMS", "vendor": "Crafter Software", "versions": [{"lessThan": "3.0.27", "status": "affected", "version": "3.0", "versionType": "custom"}, {"lessThan": "3.1.7", "status": "affected", "version": "3.1", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Alvaro Mu\u00f1oz (GitHub)"}], "datePublic": "2020-08-01T00:00:00", "descriptions": [{"lang": "en", "value": "Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via FreeMarker template exposed objects. This issue affects: Crafter Software Crafter CMS 3.0 versions prior to 3.0.27; 3.1 versions prior to 3.1.7."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-913", "description": "CWE-913 Improper Control of Dynamically-Managed Code Resources", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-10-06T14:21:40", "orgId": "4ff2b028-869f-4b00-a7b2-05997f6f14fd", "shortName": "crafter"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://docs.craftercms.org/en/3.1/security/advisory.html#cv-2020080102"}], "source": {"discovery": "EXTERNAL"}, "title": "Authenticated attackers with developer privileges in Crafter Studio may execute OS commands via deep inspection of FreeMarker template exposed objects.", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@craftersoftware.com", "DATE_PUBLIC": "2020-08-01T19:45:00.000Z", "ID": "CVE-2020-25803", "STATE": "PUBLIC", "TITLE": "Authenticated attackers with developer privileges in Crafter Studio may execute OS commands via deep inspection of FreeMarker template exposed objects."}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Crafter CMS", "version": {"version_data": [{"version_affected": "<", "version_name": "3.0", "version_value": "3.0.27"}, {"version_affected": "<", "version_name": "3.1", "version_value": "3.1.7"}]}}]}, "vendor_name": "Crafter Software"}]}}, "credit": [{"lang": "eng", "value": "Alvaro Mu\u00f1oz (GitHub)"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via FreeMarker template exposed objects. This issue affects: Crafter Software Crafter CMS 3.0 versions prior to 3.0.27; 3.1 versions prior to 3.1.7."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-913 Improper Control of Dynamically-Managed Code Resources"}]}]}, "references": {"reference_data": [{"name": "https://docs.craftercms.org/en/3.1/security/advisory.html#cv-2020080102", "refsource": "MISC", "url": "https://docs.craftercms.org/en/3.1/security/advisory.html#cv-2020080102"}]}, "source": {"discovery": "EXTERNAL"}}}}, "cveMetadata": {"assignerOrgId": "4ff2b028-869f-4b00-a7b2-05997f6f14fd", "assignerShortName": "crafter", "cveId": "CVE-2020-25803", "datePublished": "2020-08-01T00:00:00", "dateReserved": "2020-09-22T00:00:00", "dateUpdated": "2020-10-06T14:21:40", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:craftercms:studio:*:*:*:*:*:*:*:*", "matchCriteriaId": "3160EEDD-DE23-40B7-AE9C-3EEAA6046667", "versionEndExcluding": "3.0.27", "versionStartIncluding": "3.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:craftercms:studio:*:*:*:*:*:*:*:*", "matchCriteriaId": "1AB816B9-6F7B-4092-ACDF-689BE6F42285", "versionEndExcluding": "3.1.7", "versionStartIncluding": "3.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via FreeMarker template exposed objects. This issue affects: Crafter Software Crafter CMS 3.0 versions prior to 3.0.27; 3.1 versions prior to 3.1.7."}, {"lang": "es", "value": "Una vulnerabilidad de Control Inapropiado de los Recursos de C\u00f3digo Administrados Din\u00e1micamente en Crafter Studio de Crafter CMS, permite a los desarrolladores autenticados ejecutar comandos de Sistema Operativo por medio de los objetos expuestos de la plantilla FreeMarker. Este problema afecta a: Crafter Software Crafter CMS versiones 3.0 anteriores a 3.0.27; versiones 3.1 anteriores a 3.1.7"}], "id": "CVE-2020-25803", "lastModified": "2020-10-09T23:11:10.293", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 0.5, "impactScore": 3.6, "source": "security@craftersoftware.com", "type": "Secondary"}]}, "published": "2020-10-06T15:15:15.210", "references": [{"source": "security@craftersoftware.com", "tags": ["Vendor Advisory"], "url": "https://docs.craftercms.org/en/3.1/security/advisory.html#cv-2020080102"}], "sourceIdentifier": "security@craftersoftware.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-913"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-913"}], "source": "security@craftersoftware.com", "type": "Secondary"}]}