CVE-2023-4588 - OpenCVE

File accessibility vulnerability in Delinea Secret Server, in its v10.9.000002 and v11.4.000002 versions. Exploitation of this vulnerability could allow an authenticated user with administrative privileges to create a backup file in the application's webroot directory, changing the default backup directory to the wwwroot folder, and download it with some configuration files such as encryption.config/ and database.config stored in the wwwroot directory, exposing the database credentials in plain text.

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Delinea	Secret Server

Configuration 1 [-]

OR	cpe:2.3:a:delinea:secret_server:10.9.000002:::::::*
	cpe:2.3:a:delinea:secret_server:11.4.000002:::::::*

References

Link	Resource
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-delinea-secret-server	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: INCIBE

Published: 2023-09-06T11:43:19.278Z

Updated: 2023-09-06T11:43:19.278Z

Reserved: 2023-08-29T07:44:07.813Z

Link: CVE-2023-4588

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-09-06T12:15:07.827

Modified: 2023-09-11T13:44:02.943

Link: CVE-2023-4588

JSON object: View

Redhat Information

No data.

CWE

CWE-552

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-4588", "assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516", "state": "PUBLISHED", "assignerShortName": "INCIBE", "dateReserved": "2023-08-29T07:44:07.813Z", "datePublished": "2023-09-06T11:43:19.278Z", "dateUpdated": "2023-09-06T11:43:19.278Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Secret Server", "vendor": "Delinea", "versions": [{"status": "affected", "version": "v10.9.000002"}, {"status": "affected", "version": "v11.4.000002"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "H\u00e9ctor de Armas Padr\u00f3n (@3v4SI0N)"}], "datePublic": "2023-09-06T10:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "File accessibility vulnerability in Delinea Secret Server, in its v10.9.000002 and v11.4.000002 versions. Exploitation of this vulnerability could allow an authenticated user with administrative privileges to create a backup file in the application's webroot directory, changing the default backup directory to the wwwroot folder, and download it with some configuration files such as encryption.config/ and database.config stored in the wwwroot directory, exposing the database credentials in plain text."}], "value": "File accessibility vulnerability in Delinea Secret Server, in its v10.9.000002 and v11.4.000002 versions. Exploitation of this vulnerability could allow an authenticated user with administrative privileges to create a backup file in the application's webroot directory, changing the default backup directory to the wwwroot folder, and download it with some configuration files such as encryption.config/ and database.config stored in the wwwroot directory, exposing the database credentials in plain text."}], "impacts": [{"capecId": "CAPEC-150", "descriptions": [{"lang": "en", "value": "CAPEC-150 Collect Data from Common Resource Locations"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-552", "description": "CWE-552 Files or Directories Accessible to External Parties", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516", "shortName": "INCIBE", "dateUpdated": "2023-09-06T11:43:19.278Z"}, "references": [{"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-delinea-secret-server"}], "source": {"discovery": "EXTERNAL"}, "title": "File accessibility vulnerability in Delinea Secret Server", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:delinea:secret_server:10.9.000002:*:*:*:*:*:*:*", "matchCriteriaId": "0549C65A-06F9-41D4-BF9C-D303A8BC578C", "vulnerable": true}, {"criteria": "cpe:2.3:a:delinea:secret_server:11.4.000002:*:*:*:*:*:*:*", "matchCriteriaId": "26B9E59F-98C5-4AAE-B0BD-418B8D7EC723", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "File accessibility vulnerability in Delinea Secret Server, in its v10.9.000002 and v11.4.000002 versions. Exploitation of this vulnerability could allow an authenticated user with administrative privileges to create a backup file in the application's webroot directory, changing the default backup directory to the wwwroot folder, and download it with some configuration files such as encryption.config/ and database.config stored in the wwwroot directory, exposing the database credentials in plain text."}, {"lang": "es", "value": "Vulnerabilidad de accesibilidad a archivos en Delinea Secret Server, en sus versiones v10.9.000002 y v11.4.000002. La explotaci\u00f3n de esta vulnerabilidad podr\u00eda permitir a un usuario autenticado con privilegios administrativos crear un archivo de copia de seguridad en el directorio ra\u00edz web de la aplicaci\u00f3n, cambiando el directorio de copia de seguridad predeterminado a la carpeta wwwroot y descargarlo con algunos archivos de configuraci\u00f3n como encryption.config/ y database.config almacenado en el directorio wwwroot, exponiendo las credenciales de la base de datos en texto plano.\n"}], "id": "CVE-2023-4588", "lastModified": "2023-09-11T13:44:02.943", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 4.0, "source": "cve-coordination@incibe.es", "type": "Secondary"}]}, "published": "2023-09-06T12:15:07.827", "references": [{"source": "cve-coordination@incibe.es", "tags": ["Third Party Advisory"], "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-delinea-secret-server"}], "sourceIdentifier": "cve-coordination@incibe.es", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-552"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-552"}], "source": "cve-coordination@incibe.es", "type": "Secondary"}]}