CVE-2020-15152

ftp-srv is an npm package which is a modern and extensible FTP server designed to be simple yet configurable. In ftp-srv before versions 2.19.6, 3.1.2, and 4.3.4 are vulnerable to Server-Side Request Forgery. The PORT command allows arbitrary IPs which can be used to cause the server to make a connection elsewhere. A possible workaround is blocking the PORT through the configuration. This issue is fixed in version2 2.19.6, 3.1.2, and 4.3.4. More information can be found on the linked advisory.

CVSS v3 9.1 CRITICAL
CVSS v2.0 5.0 MEDIUM

9.1^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:N/I:P/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
https://github.com/autovance/ftp-srv/commit/e449e75219d918c400dec65b4b0759f60476abca	Patch Third Party Advisory
https://github.com/autovance/ftp-srv/security/advisories/GHSA-jw37-5gqr-cf9j	Mitigation Patch Third Party Advisory
https://www.npmjs.com/package/ftp-srv	Product Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ftp-srv_project:ftp-srv::::::node.js::*
	cpe:2.3:a:ftp-srv_project:ftp-srv::::::node.js::*
	cpe:2.3:a:ftp-srv_project:ftp-srv::::::node.js::*

History

No history.

Information

Published : 2020-08-17 22:15

Updated : 2024-02-28 17:47

NVD link : CVE-2020-15152

Mitre link : CVE-2020-15152

CVE.ORG link : CVE-2020-15152

JSON object : View

Products Affected

ftp-srv_project

ftp-srv

CWE

CWE-918

Server-Side Request Forgery (SSRF)

{"id": "CVE-2020-15152", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 3.9}]}, "published": "2020-08-17T22:15:12.627", "references": [{"url": "https://github.com/autovance/ftp-srv/commit/e449e75219d918c400dec65b4b0759f60476abca", "tags": ["Patch", "Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/autovance/ftp-srv/security/advisories/GHSA-jw37-5gqr-cf9j", "tags": ["Mitigation", "Patch", "Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://www.npmjs.com/package/ftp-srv", "tags": ["Product", "Third Party Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-918"}]}, {"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-918"}]}], "descriptions": [{"lang": "en", "value": "ftp-srv is an npm package which is a modern and extensible FTP server designed to be simple yet configurable. In ftp-srv before versions 2.19.6, 3.1.2, and 4.3.4 are vulnerable to Server-Side Request Forgery. The PORT command allows arbitrary IPs which can be used to cause the server to make a connection elsewhere. A possible workaround is blocking the PORT through the configuration. This issue is fixed in version2 2.19.6, 3.1.2, and 4.3.4. More information can be found on the linked advisory."}, {"lang": "es", "value": "ftp-srv es un paquete npm que es un moderno y extensible servidor FTP dise\u00f1ado para ser simple pero configurable. En ftp-srv antes de las versiones 2.19.6, 3.1.2, y 4.3.4 son vulnerables a la falsificaci\u00f3n de solicitudes del lado del servidor. El comando PORT permite IPs arbitrarias que pueden ser usadas para hacer que el servidor haga una conexi\u00f3n en otro lugar. Una posible soluci\u00f3n es bloquear el PUERTO a trav\u00e9s de la configuraci\u00f3n. Este problema est\u00e1 solucionado en las versiones 2.19.6, 3.1.2 y 4.3.4. Puede encontrar m\u00e1s informaci\u00f3n en el aviso vinculado"}], "lastModified": "2021-05-05T14:02:23.170", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ftp-srv_project:ftp-srv:*:*:*:*:*:node.js:*:*", "vulnerable": true, "matchCriteriaId": "F5D90734-6B6E-4C5F-B0D5-9B4C4FAA8648", "versionEndExcluding": "2.19.6"}, {"criteria": "cpe:2.3:a:ftp-srv_project:ftp-srv:*:*:*:*:*:node.js:*:*", "vulnerable": true, "matchCriteriaId": "4A020A63-F973-4E4C-9CF2-2B8F79234570", "versionEndExcluding": "3.1.2", "versionStartIncluding": "3.0.0"}, {"criteria": "cpe:2.3:a:ftp-srv_project:ftp-srv:*:*:*:*:*:node.js:*:*", "vulnerable": true, "matchCriteriaId": "B1A73879-F682-4506-91E9-E0957E37C4EE", "versionEndExcluding": "4.3.4", "versionStartIncluding": "4.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}