CVE-2023-1713 - OpenCVE

Insecure temporary file creation in bitrix/modules/crm/lib/order/import/instagram.php in Bitrix24 22.0.300 hosted on Apache HTTP Server allows remote authenticated attackers to execute arbitrary code via uploading a crafted ".htaccess" file.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Bitrix24	Bitrix24

Configuration 1 [-]

cpe:2.3:a:bitrix24:bitrix24:22.0.300:*:*:*:*:*:*:*

References

Link	Resource
https://starlabs.sg/advisories/23/23-1713/	Exploit Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: STAR_Labs

Published: 2023-11-01T09:02:18.019Z

Updated: 2023-11-01T09:02:18.019Z

Reserved: 2023-03-30T09:14:16.052Z

Link: CVE-2023-1713

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-11-01T10:15:08.973

Modified: 2023-11-09T20:37:42.650

Link: CVE-2023-1713

JSON object: View

Redhat Information

No data.

CWE

CWE-434

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-1713", "assignerOrgId": "b1571b85-cbc9-431f-830b-0c8155323a69", "state": "PUBLISHED", "assignerShortName": "STAR_Labs", "dateReserved": "2023-03-30T09:14:16.052Z", "datePublished": "2023-11-01T09:02:18.019Z", "dateUpdated": "2023-11-01T09:02:18.019Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Bitrix24", "programFiles": ["file:bitrix/components/bitrix/crm.order.import.instagram.view/class.php"], "vendor": "Bitrix24", "versions": [{"lessThanOrEqual": "22.0.300", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Lam Jun Rong & Li Jiantao of STAR Labs SG Pte. Ltd. (@starlabs_sg)"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Insecure temporary file creation in bitrix/modules/crm/lib/order/import/instagram.php in Bitrix24 22.0.300 hosted on Apache HTTP Server allows remote authenticated attackers to execute arbitrary code via uploading a crafted \".htaccess\" file."}], "value": "Insecure temporary file creation in bitrix/modules/crm/lib/order/import/instagram.php in Bitrix24 22.0.300 hosted on Apache HTTP Server allows remote authenticated attackers to execute arbitrary code via uploading a crafted \".htaccess\" file."}], "impacts": [{"capecId": "CAPEC-549", "descriptions": [{"lang": "en", "value": "CAPEC-549 Local Execution of Code"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-434", "description": "CWE-434 Unrestricted Upload of File with Dangerous Type", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "b1571b85-cbc9-431f-830b-0c8155323a69", "shortName": "STAR_Labs", "dateUpdated": "2023-11-01T09:02:18.019Z"}, "references": [{"tags": ["third-party-advisory"], "url": "https://starlabs.sg/advisories/23/23-1713/"}], "source": {"discovery": "UNKNOWN"}, "title": "Bitrix24 Remote Command Execution (RCE) via Insecure Temporary File Creation", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:bitrix24:bitrix24:22.0.300:*:*:*:*:*:*:*", "matchCriteriaId": "D47D6185-F86F-4402-85C1-C0A0EAE09B0D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Insecure temporary file creation in bitrix/modules/crm/lib/order/import/instagram.php in Bitrix24 22.0.300 hosted on Apache HTTP Server allows remote authenticated attackers to execute arbitrary code via uploading a crafted \".htaccess\" file."}, {"lang": "es", "value": "La creaci\u00f3n insegura de archivos temporales en bitrix/modules/crm/lib/order/import/instagram.php en Bitrix24 22.0.300 alojado en el servidor HTTP Apache permite a atacantes remotos autenticados ejecutar c\u00f3digo arbitrario cargando un archivo \".htaccess\" manipulado."}], "id": "CVE-2023-1713", "lastModified": "2023-11-09T20:37:42.650", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "info@starlabs.sg", "type": "Secondary"}]}, "published": "2023-11-01T10:15:08.973", "references": [{"source": "info@starlabs.sg", "tags": ["Exploit", "Third Party Advisory"], "url": "https://starlabs.sg/advisories/23/23-1713/"}], "sourceIdentifier": "info@starlabs.sg", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-434"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-434"}], "source": "info@starlabs.sg", "type": "Secondary"}]}