CVE-2020-27358 - OpenCVE

An issue was discovered in REDCap 8.11.6 through 9.x before 10. The messenger's CSV feature (that allows users to export their conversation threads as CSV) allows non-privileged users to export one another's conversation threads by changing the thread_id parameter in the request to the endpoint Messenger/messenger_download_csv.php?title=Hey&thread_id={THREAD_ID}.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:S/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Vanderbilt	Redcap

Configuration 1 [-]

cpe:2.3:a:vanderbilt:redcap:*:*:*:*:*:*:*:*

References

Link	Resource
https://github.com/seb1055/cve-2020-27358-27359	Exploit Third Party Advisory
https://www.evms.edu/research/resources_services/redcap/redcap_change_log/	Exploit Vendor Advisory
https://www.ruse.tech/blog/38	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2020-10-31T16:18:43

Updated: 2020-11-02T13:01:22

Reserved: 2020-10-20T00:00:00

Link: CVE-2020-27358

JSON object: View

NVD Information

Status : Analyzed

Published: 2020-11-02T21:15:28.647

Modified: 2021-07-01T16:55:07.650

Link: CVE-2020-27358

JSON object: View

Redhat Information

No data.

CWE

CWE-276

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in REDCap 8.11.6 through 9.x before 10. The messenger's CSV feature (that allows users to export their conversation threads as CSV) allows non-privileged users to export one another's conversation threads by changing the thread_id parameter in the request to the endpoint Messenger/messenger_download_csv.php?title=Hey&thread_id={THREAD_ID}."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-11-02T13:01:22", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.evms.edu/research/resources_services/redcap/redcap_change_log/"}, {"tags": ["x_refsource_MISC"], "url": "https://www.ruse.tech/blog/38"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/seb1055/cve-2020-27358-27359"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-27358", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An issue was discovered in REDCap 8.11.6 through 9.x before 10. The messenger's CSV feature (that allows users to export their conversation threads as CSV) allows non-privileged users to export one another's conversation threads by changing the thread_id parameter in the request to the endpoint Messenger/messenger_download_csv.php?title=Hey&thread_id={THREAD_ID}."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://www.evms.edu/research/resources_services/redcap/redcap_change_log/", "refsource": "MISC", "url": "https://www.evms.edu/research/resources_services/redcap/redcap_change_log/"}, {"name": "https://www.ruse.tech/blog/38", "refsource": "MISC", "url": "https://www.ruse.tech/blog/38"}, {"name": "https://github.com/seb1055/cve-2020-27358-27359", "refsource": "MISC", "url": "https://github.com/seb1055/cve-2020-27358-27359"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-27358", "datePublished": "2020-10-31T16:18:43", "dateReserved": "2020-10-20T00:00:00", "dateUpdated": "2020-11-02T13:01:22", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:vanderbilt:redcap:*:*:*:*:*:*:*:*", "matchCriteriaId": "51C25902-74A8-42CF-A9EA-10E66B81E466", "versionEndExcluding": "10.0", "versionStartIncluding": "8.11.6", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in REDCap 8.11.6 through 9.x before 10. The messenger's CSV feature (that allows users to export their conversation threads as CSV) allows non-privileged users to export one another's conversation threads by changing the thread_id parameter in the request to the endpoint Messenger/messenger_download_csv.php?title=Hey&thread_id={THREAD_ID}."}, {"lang": "es", "value": "Se detect\u00f3 un problema en REDCap versiones 8.11.6 hasta 9.x anteriores a 10. La funcionalidad CSV de messenger (que permite a usuarios exportar sus hilos de conversaci\u00f3n como CSV) permite a usuarios no privilegiados exportar los hilos de conversaci\u00f3n de los dem\u00e1s al cambiar el par\u00e1metro thread_id en la petici\u00f3n para el endpoint Messenger/messenger_download_csv.php?title=Hey&thread_id={THREAD_ID}"}], "id": "CVE-2020-27358", "lastModified": "2021-07-01T16:55:07.650", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-11-02T21:15:28.647", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/seb1055/cve-2020-27358-27359"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Vendor Advisory"], "url": "https://www.evms.edu/research/resources_services/redcap/redcap_change_log/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.ruse.tech/blog/38"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-276"}], "source": "nvd@nist.gov", "type": "Primary"}]}