CVE-2018-1000850

{"id": "CVE-2018-1000850", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.4, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2018-12-20T15:29:02.423", "references": [{"url": "https://access.redhat.com/errata/RHSA-2019:3892", "source": "cve@mitre.org"}, {"url": "https://github.com/square/retrofit/blob/master/CHANGELOG.md", "tags": ["Release Notes", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/square/retrofit/commit/b9a7f6ad72073ddd40254c0058710e87a073047d#diff-943ec7ed35e68201824904d1dc0ec982", "tags": ["Patch", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://ihacktoprotect.com/post/retrofit-path-traversal/", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E", "source": "cve@mitre.org"}, {"url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E", "source": "cve@mitre.org"}, {"url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E", "source": "cve@mitre.org"}, {"url": "https://access.redhat.com/errata/RHSA-2019:3892", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/square/retrofit/blob/master/CHANGELOG.md", "tags": ["Release Notes", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/square/retrofit/commit/b9a7f6ad72073ddd40254c0058710e87a073047d#diff-943ec7ed35e68201824904d1dc0ec982", "tags": ["Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://ihacktoprotect.com/post/retrofit-path-traversal/", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "Square Retrofit version versions from (including) 2.0 and 2.5.0 (excluding) contains a Directory Traversal vulnerability in RequestBuilder class, method addPathParameter that can result in By manipulating the URL an attacker could add or delete resources otherwise unavailable to her.. This attack appear to be exploitable via An attacker should have access to an encoded path parameter on POST, PUT or DELETE request.. This vulnerability appears to have been fixed in 2.5.0 and later."}, {"lang": "es", "value": "Square Retrofit, desde la versi\u00f3n 2.0 (incluida) y 2.5.0 (excluida), contiene una vulnerabilidad de salto de directorio en la clase RequestBuilder, m\u00e9todo addPathParameter. Al manipular la URL, un atacante podr\u00eda a\u00f1adir o eliminar recursos que no estar\u00edan disponibles. Para que el ataque sea explotable, un atacante deber\u00eda tener acceso a un par\u00e1metro path cifrado en las peticiones POST, PUT o DELETE. La vulnerabilidad parece haber sido solucionada en las versiones 2.5.0 y siguientes."}], "lastModified": "2024-11-21T03:40:29.607", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:squareup:retrofit:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D1F642F3-1814-4D87-8C53-059F499EA23B", "versionEndExcluding": "2.5.0", "versionStartIncluding": "2.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}