CVE-2023-50264 - OpenCVE

Bazarr manages and downloads subtitles. Prior to 1.3.1, Bazarr contains an arbitrary file read in /system/backup/download/ endpoint in bazarr/app/ui.py does not validate the user-controlled filename variable and uses it in the send_file function, which leads to an arbitrary file read on the system. This issue is fixed in version 1.3.1.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Bazarr	Bazarr

Configuration 1 [-]

cpe:2.3:a:bazarr:bazarr:*:*:*:*:*:*:*:*

References

Link	Resource
https://github.com/morpheus65535/bazarr/commit/17add7fbb3ae1919a40d505470d499d46df9ae6b	Patch
https://github.com/morpheus65535/bazarr/releases/tag/v1.3.1	Release Notes
https://securitylab.github.com/advisories/GHSL-2023-192_GHSL-2023-194_bazarr/	Exploit Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: GitHub_M

Published: 2023-12-15T20:42:22.304Z

Updated: 2023-12-15T20:42:22.304Z

Reserved: 2023-12-05T20:42:59.379Z

Link: CVE-2023-50264

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-12-15T21:15:08.753

Modified: 2023-12-19T20:37:45.463

Link: CVE-2023-50264

JSON object: View

Redhat Information

No data.

CWE

CWE-22

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-50264", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2023-12-05T20:42:59.379Z", "datePublished": "2023-12-15T20:42:22.304Z", "dateUpdated": "2023-12-15T20:42:22.304Z"}, "containers": {"cna": {"title": "Bazarr Arbitrary file read in /system/backup/download/ endpoint", "problemTypes": [{"descriptions": [{"cweId": "CWE-22", "lang": "en", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}}], "references": [{"name": "https://securitylab.github.com/advisories/GHSL-2023-192_GHSL-2023-194_bazarr/", "tags": ["x_refsource_CONFIRM"], "url": "https://securitylab.github.com/advisories/GHSL-2023-192_GHSL-2023-194_bazarr/"}, {"name": "https://github.com/morpheus65535/bazarr/commit/17add7fbb3ae1919a40d505470d499d46df9ae6b", "tags": ["x_refsource_MISC"], "url": "https://github.com/morpheus65535/bazarr/commit/17add7fbb3ae1919a40d505470d499d46df9ae6b"}, {"name": "https://github.com/morpheus65535/bazarr/releases/tag/v1.3.1", "tags": ["x_refsource_MISC"], "url": "https://github.com/morpheus65535/bazarr/releases/tag/v1.3.1"}], "affected": [{"vendor": "morpheus65535", "product": "bazarr", "versions": [{"version": "< 1.3.1", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-12-15T20:42:22.304Z"}, "descriptions": [{"lang": "en", "value": "Bazarr manages and downloads subtitles. Prior to 1.3.1, Bazarr contains an arbitrary file read in /system/backup/download/ endpoint in bazarr/app/ui.py does not validate the user-controlled filename variable and uses it in the send_file function, which leads to an arbitrary file read on the system. This issue is fixed in version 1.3.1."}], "source": {"advisory": "GHSA-52gm-vprv-cm4v", "discovery": "UNKNOWN"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:bazarr:bazarr:*:*:*:*:*:*:*:*", "matchCriteriaId": "747D6F06-5FF5-45FD-A7BB-6C040B44B048", "versionEndExcluding": "1.3.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Bazarr manages and downloads subtitles. Prior to 1.3.1, Bazarr contains an arbitrary file read in /system/backup/download/ endpoint in bazarr/app/ui.py does not validate the user-controlled filename variable and uses it in the send_file function, which leads to an arbitrary file read on the system. This issue is fixed in version 1.3.1."}, {"lang": "es", "value": "Bazarr gestiona y descarga subt\u00edtulos. Antes de 1.3.1, Bazarr contiene un archivo arbitrario le\u00eddo en /system/backup/download/ endpoint en bazarr/app/ui.py no valida la variable de nombre de archivo controlada por el usuario y la usa en la funci\u00f3n send_file, lo que conduce a un archivo arbitrario le\u00eddo en el sistema. Este problema se solucion\u00f3 en la versi\u00f3n 1.3.1."}], "id": "CVE-2023-50264", "lastModified": "2023-12-19T20:37:45.463", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2023-12-15T21:15:08.753", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/morpheus65535/bazarr/commit/17add7fbb3ae1919a40d505470d499d46df9ae6b"}, {"source": "security-advisories@github.com", "tags": ["Release Notes"], "url": "https://github.com/morpheus65535/bazarr/releases/tag/v1.3.1"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://securitylab.github.com/advisories/GHSL-2023-192_GHSL-2023-194_bazarr/"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "security-advisories@github.com", "type": "Primary"}]}