CVE-2020-5299

{"id": "CVE-2020-5299", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.6, "accessVector": "NETWORK", "vectorString": "AV:N/AC:H/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "HIGH", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 4.0, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 1.0}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "impactScore": 3.7, "exploitabilityScore": 1.0}]}, "published": "2020-06-03T22:15:11.957", "references": [{"url": "http://packetstormsecurity.com/files/158730/October-CMS-Build-465-XSS-File-Read-File-Deletion-CSV-Injection.html", "tags": ["Third Party Advisory", "VDB Entry"], "source": "security-advisories@github.com"}, {"url": "http://seclists.org/fulldisclosure/2020/Aug/2", "tags": ["Mailing List", "Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/octobercms/library/commit/c84bf03f506052c848f2fddc05f24be631427a1a", "tags": ["Patch", "Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/octobercms/october/commit/802d8c8e09a2b342649393edb6d3ceb958851484", "tags": ["Patch", "Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/octobercms/october/security/advisories/GHSA-4rhm-m2fp-hx7q", "tags": ["Patch", "Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "http://packetstormsecurity.com/files/158730/October-CMS-Build-465-XSS-File-Read-File-Deletion-CSV-Injection.html", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://seclists.org/fulldisclosure/2020/Aug/2", "tags": ["Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/octobercms/library/commit/c84bf03f506052c848f2fddc05f24be631427a1a", "tags": ["Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/octobercms/october/commit/802d8c8e09a2b342649393edb6d3ceb958851484", "tags": ["Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/octobercms/october/security/advisories/GHSA-4rhm-m2fp-hx7q", "tags": ["Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-77"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-77"}]}], "descriptions": [{"lang": "en", "value": "In OctoberCMS (october/october composer package) versions from 1.0.319 and before 1.0.466, any users with the ability to modify any data that could eventually be exported as a CSV file from the `ImportExportController` could potentially introduce a CSV injection into the data to cause the generated CSV export file to be malicious. This requires attackers to achieve the following before a successful attack can be completed: 1. Have found a vulnerability in the victims spreadsheet software of choice. 2. Control data that would potentially be exported through the `ImportExportController` by a theoretical victim. 3. Convince the victim to export above data as a CSV and run it in vulnerable spreadsheet software while also bypassing any sanity checks by said software. Issue has been patched in Build 466 (v1.0.466)."}, {"lang": "es", "value": "En OctoberCMS (paquete de compositor october/october) versiones desde 1.0.319 y anteriores a 1.0.466, cualquier usuario con la capacidad de modificar cualquier informaci\u00f3n que eventualmente podr\u00eda ser exportada como un archivo CSV desde la funci\u00f3n \"ImportExportController\" podr\u00eda introducir potencialmente una inyecci\u00f3n CSV en los datos para causar que el archivo de exportaci\u00f3n CSV generado sea malicioso. Esto requiere que atacantes logren lo siguiente antes de que se pueda completar un ataque exitoso: 1. Han encontrado una vulnerabilidad en el software de hoja de c\u00e1lculo de las v\u00edctimas de elecci\u00f3n. 2. Los datos de control que podr\u00edan potencialmente ser exportados por medio de la funci\u00f3n \"ImportExportController\" por parte una v\u00edctima te\u00f3rica. 3. Convencer a la v\u00edctima para exportar datos anteriores como un CSV y ejecutarlos en un software de hoja de c\u00e1lculo vulnerable, mientras que tambi\u00e9n al omitir cualquier comprobaci\u00f3n de sanidad para dicho software. El problema ha sido parcheado en el Build 466 (versi\u00f3n v1.0.466)"}], "lastModified": "2024-11-21T05:33:51.790", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:octobercms:october:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E3FE9FB6-7669-4FDA-8099-2953B2E0B15C", "versionEndExcluding": "1.0.466", "versionStartIncluding": "1.0.319"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}