CVE-2019-13915 | Medium damage | 7.5 | Very easy to exploit
Published: Thu Jul 18 15:15:00 2019 UTC. Last Modified: Mon Aug 24 17:37:00 2020 UTC
CPE matches: cpe:2.3:a:b3log:wide:*:*:*:*:*:*:*:* && versionEndExcluding=1.6.0
Description
b3log Wide before 1.6.0 allows three types of attacks to access arbitrary files. First, the attacker can write code in the editor, and compile and run it approximately three times to read an arbitrary file. Second, the attacker can create a symlink, and then place the symlink into a ZIP archive. An unzip operation leads to read access, and write access (depending on file permissions), to the symlink target. Third, the attacker can import a Git repository that contains a symlink, similarly leading to read and write access.
Damage
- Access to all information.
Attack conditions
- Remote attacking is possible through the network and can be done by anyone (requires no authentication).
- No user interaction is required.
- The attack is estimated to have a high success rate, once attempted.
Damage and attack conditions obtained from CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N (CVSSv3)
Type of bug(s)
- CWE-59, Improper Link Resolution Before File Access ('Link Following'): The software attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
- CWE-74, Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'): The software constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.
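Added example (not b3log Wide's code and not its fix): a pre-extraction check for the ZIP vector in the description, which walks the archive's central directory and rejects symlink and other non-regular entries before anything is written to the workspace. The names `auditZip` and `sampleZip`, the entry names and the placeholder target are assumptions made for illustration; the sample archive is constructed in memory.

```go
package main

import (
	"archive/zip"
	"bytes"
	"fmt"
	"io"
	"os"
)

// auditZip lists entries an extractor must refuse: symlinks (target = entry body) and special files.
func auditZip(data []byte) ([]string, error) {
	r, err := zip.NewReader(bytes.NewReader(data), int64(len(data)))
	if err != nil {
		return nil, err
	}
	var rejected []string
	for _, f := range r.File {
		mode := f.Mode()
		switch {
		case mode&os.ModeSymlink != 0:
			target := "?"
			if rc, err := f.Open(); err == nil {
				b, _ := io.ReadAll(io.LimitReader(rc, 4096)) // cap what we read from untrusted input
				rc.Close()
				target = string(b)
			}
			rejected = append(rejected, fmt.Sprintf("%s -> %s (symlink)", f.Name, target))
		case !mode.IsRegular() && !mode.IsDir():
			rejected = append(rejected, f.Name+" (special file)")
		}
	}
	return rejected, nil
}

// sampleZip builds a constructed archive: one regular file and one symlink entry.
func sampleZip() []byte {
	var buf bytes.Buffer
	w := zip.NewWriter(&buf)
	f, _ := w.Create("src/main.go")
	f.Write([]byte("package main\n"))
	h := &zip.FileHeader{Name: "src/notes.txt"}
	h.SetMode(os.ModeSymlink | 0o777)
	l, _ := w.CreateHeader(h)
	l.Write([]byte("/placeholder/outside/workspace")) // constructed target, not a real path
	w.Close()
	return buf.Bytes()
}
func main() { fmt.Println(auditZip(sampleZip())) }
```

An upload is extracted only when the returned list is empty. The Git import vector needs the equivalent walk over the checked-out tree with `os.Lstat`.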