CVE-2024-31993

{"id": "CVE-2024-31993", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.2, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 4.0, "exploitabilityScore": 1.7}]}, "published": "2024-04-19T21:15:08.523", "references": [{"url": "https://github.com/mealie-recipes/mealie/blob/ee121a12f8db33ecb4db5f8582f7ea9788d019e4/mealie/services/recipe/recipe_data_service.py#L107", "source": "security-advisories@github.com"}, {"url": "https://github.com/mealie-recipes/mealie/commit/2a3463b7466bc297aede50046da9550d919ec56f", "source": "security-advisories@github.com"}, {"url": "https://github.com/mealie-recipes/mealie/pull/3368", "source": "security-advisories@github.com"}, {"url": "https://securitylab.github.com/advisories/GHSL-2023-225_GHSL-2023-226_Mealie/", "source": "security-advisories@github.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-918"}]}], "descriptions": [{"lang": "en", "value": "Mealie is a self hosted recipe manager and meal planner. Prior to 1.4.0, the scrape_image function will retrieve an image based on a user-provided URL, however the provided URL is not validated to point to an external location and does not have any enforced rate limiting. The response from the Mealie server will also vary depending on whether or not the target file is an image, is not an image, or does not exist. Additionally, when a file is retrieved the file may remain stored on Mealie\u2019s file system as original.jpg under the UUID of the recipe it was requested for. If the attacker has access to an admin account (e.g. the default changeme@example.com), this file can then be retrieved. Note that if Mealie is running in a development setting this could be leveraged by an attacker to retrieve any file that the Mealie server had downloaded in this fashion without the need for administrator access. This vulnerability is fixed in 1.4.0."}, {"lang": "es", "value": "Mealie es un administrador de recetas y planificador de comidas aut\u00f3nomo. Antes de 1.4.0, la funci\u00f3n scrape_image recuperaba una imagen basada en una URL proporcionada por el usuario; sin embargo, la URL proporcionada no est\u00e1 validada para apuntar a una ubicaci\u00f3n externa y no tiene ninguna limitaci\u00f3n de velocidad obligatoria. La respuesta del servidor Mealie tambi\u00e9n variar\u00e1 dependiendo de si el archivo de destino es una imagen, no es una imagen o no existe. Adem\u00e1s, cuando se recupera un archivo, \u00e9ste puede permanecer almacenado en el sistema de archivos de Mealie como original.jpg bajo el UUID de la receta para la que se solicit\u00f3. Si el atacante tiene acceso a una cuenta de administrador (por ejemplo, la predeterminada changeme@example.com), este archivo puede recuperarse. Tenga en cuenta que si Mealie se ejecuta en una configuraci\u00f3n de desarrollo, un atacante podr\u00eda aprovechar esto para recuperar cualquier archivo que el servidor de Mealie haya descargado de esta manera sin necesidad de acceso de administrador. Esta vulnerabilidad se solucion\u00f3 en 1.4.0."}], "lastModified": "2024-04-22T13:28:50.310", "sourceIdentifier": "security-advisories@github.com"}