CVE-2020-15224

{"id": "CVE-2020-15224", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.7, "accessVector": "ADJACENT_NETWORK", "vectorString": "AV:A/AC:L/Au:S/C:P/I:N/A:N", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 5.1, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.8, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 4.0, "exploitabilityScore": 2.3}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.8, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 4.0, "exploitabilityScore": 2.3}]}, "published": "2020-10-14T19:15:13.633", "references": [{"url": "https://github.com/openenclave/openenclave/blob/master/CHANGELOG.md#v0120", "tags": ["Release Notes", "Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/openenclave/openenclave/commit/bcac8e7acb514429fee9e0b5d0c7a0308fd4d76b", "tags": ["Patch", "Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/openenclave/openenclave/security/advisories/GHSA-525h-wxcc-f66m", "tags": ["Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/openenclave/openenclave/blob/master/CHANGELOG.md#v0120", "tags": ["Release Notes", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/openenclave/openenclave/commit/bcac8e7acb514429fee9e0b5d0c7a0308fd4d76b", "tags": ["Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/openenclave/openenclave/security/advisories/GHSA-525h-wxcc-f66m", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-552"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "In Open Enclave before version 0.12.0, an information disclosure vulnerability exists when an enclave application using the syscalls provided by the sockets.edl is loaded by a malicious host application. An attacker who successfully exploited the vulnerability could read privileged data from the enclave heap across trust boundaries. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an attacker to elevate user rights directly, but it could be used to obtain information otherwise considered confidential in an enclave, which could be used in further compromises. The issue has been addressed in version 0.12.0 and the current master branch. Users will need to to recompile their applications against the patched libraries to be protected from this vulnerability."}, {"lang": "es", "value": "En Open Enclave versiones anteriores a 0.12.0, se presenta una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n cuando una aplicaci\u00f3n enclave que usa las llamadas al sistema proporcionadas por el archivo sockets.edl es cargada por una aplicaci\u00f3n de host maliciosa. Un atacante que explote con \u00e9xito la vulnerabilidad podr\u00eda leer datos privilegiados de la pila de enclave a trav\u00e9s de l\u00edmites confiables. Para explotar esta vulnerabilidad, un atacante tendr\u00eda que iniciar sesi\u00f3n en un sistema afectado y ejecutar una aplicaci\u00f3n especialmente dise\u00f1ada. La vulnerabilidad no permitir\u00eda a un atacante elevar los derechos de usuarios directamente, pero podr\u00eda ser usada para obtener informaci\u00f3n que de otro modo se considerar\u00eda confidencial en un enclave, que podr\u00eda usarse en compromisos adicionales. El problema ha sido abordado en la versi\u00f3n 0.12.0 y en la rama maestra actual. Los usuarios deber\u00e1n volver a compilar sus aplicaciones con las bibliotecas parcheadas para estar protegidos de esta vulnerabilidad"}], "lastModified": "2024-11-21T05:05:07.740", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:openenclave:openenclave:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "99DFEB28-6E1E-4073-9AFF-F09D44D22F7E", "versionEndExcluding": "0.12.0"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}