CVE-2014-125033 - OpenCVE

A vulnerability was found in rails-cv-app. It has been rated as problematic. Affected by this issue is some unknown functionality of the file app/controllers/uploaded_files_controller.rb. The manipulation with the input ../../../etc/passwd leads to path traversal: '../filedir'. The exploit has been disclosed to the public and may be used. The patch is identified as 0d20362af0a5f8a126f67c77833868908484a863. It is recommended to apply a patch to fix this issue. VDB-217178 is the identifier assigned to this vulnerability.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Adjacent Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:A/AC:L/Au:S/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Rails-cv-app Project	Rails-cv-app

Configuration 1 [-]

cpe:2.3:a:rails-cv-app_project:rails-cv-app:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/bertrand-caron/rails-cv-app/commit/0d20362af0a5f8a126f67c77833868908484a863
https://vuldb.com/?ctiid.217178
https://vuldb.com/?id.217178

History

No history.

MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2023-01-02T07:51:16.499Z

Updated: 2024-08-06T14:10:56.589Z

Reserved: 2023-01-02T07:48:48.917Z

Link: CVE-2014-125033

Vulnrichment

No data.

NVD

Status : Modified

Published: 2023-01-02T08:15:09.930

Modified: 2024-05-17T00:58:16.077

Link: CVE-2014-125033

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2014-125033", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2023-01-02T07:48:48.917Z", "datePublished": "2023-01-02T07:51:16.499Z", "dateUpdated": "2024-08-06T14:10:56.589Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2023-10-20T05:57:08.811Z"}, "title": "rails-cv-app uploaded_files_controller.rb path traversal", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-24", "lang": "en", "description": "CWE-24 Path Traversal: '../filedir'"}]}], "affected": [{"vendor": "n/a", "product": "rails-cv-app", "versions": [{"version": "n/a", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in rails-cv-app. It has been rated as problematic. Affected by this issue is some unknown functionality of the file app/controllers/uploaded_files_controller.rb. The manipulation with the input ../../../etc/passwd leads to path traversal: '../filedir'. The exploit has been disclosed to the public and may be used. The patch is identified as 0d20362af0a5f8a126f67c77833868908484a863. It is recommended to apply a patch to fix this issue. VDB-217178 is the identifier assigned to this vulnerability."}, {"lang": "de", "value": "Eine problematische Schwachstelle wurde in rails-cv-app ausgemacht. Betroffen davon ist ein unbekannter Prozess der Datei app/controllers/uploaded_files_controller.rb. Mittels dem Manipulieren mit der Eingabe ../../../etc/passwd mit unbekannten Daten kann eine path traversal: '../filedir'-Schwachstelle ausgenutzt werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Der Patch wird als 0d20362af0a5f8a126f67c77833868908484a863 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 3.5, "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "baseSeverity": "LOW"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 3.5, "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "baseSeverity": "LOW"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 2.7, "vectorString": "AV:A/AC:L/Au:S/C:P/I:N/A:N"}}], "timeline": [{"time": "2023-01-02T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2023-01-02T00:00:00.000Z", "lang": "en", "value": "CVE reserved"}, {"time": "2023-01-02T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2023-01-26T20:19:57.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "VulDB GitHub Commit Analyzer", "type": "tool"}], "references": [{"url": "https://vuldb.com/?id.217178", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.217178", "tags": ["signature", "permissions-required"]}, {"url": "https://github.com/bertrand-caron/rails-cv-app/commit/0d20362af0a5f8a126f67c77833868908484a863", "tags": ["patch"]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T14:10:56.589Z"}, "title": "CVE Program Container", "references": [{"url": "https://vuldb.com/?id.217178", "tags": ["vdb-entry", "technical-description", "x_transferred"]}, {"url": "https://vuldb.com/?ctiid.217178", "tags": ["signature", "permissions-required", "x_transferred"]}, {"url": "https://github.com/bertrand-caron/rails-cv-app/commit/0d20362af0a5f8a126f67c77833868908484a863", "tags": ["patch", "x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:rails-cv-app_project:rails-cv-app:*:*:*:*:*:*:*:*", "matchCriteriaId": "397ABDC2-23D1-40D2-A1D9-AD4E46668B7E", "versionEndExcluding": "2014-11-16", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was found in rails-cv-app. It has been rated as problematic. Affected by this issue is some unknown functionality of the file app/controllers/uploaded_files_controller.rb. The manipulation with the input ../../../etc/passwd leads to path traversal: '../filedir'. The exploit has been disclosed to the public and may be used. The patch is identified as 0d20362af0a5f8a126f67c77833868908484a863. It is recommended to apply a patch to fix this issue. VDB-217178 is the identifier assigned to this vulnerability."}, {"lang": "es", "value": "Se encontr\u00f3 una vulnerabilidad en Rails-cv-app. Ha sido calificada como problem\u00e1tica. Una funci\u00f3n desconocida del archivo app/controllers/uploaded_files_controller.rb es afectada por este problema. La manipulaci\u00f3n con la entrada ../../../etc/passwd conduce al path traversal: '../filedir'. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. El parche se identifica como 0d20362af0a5f8a126f67c77833868908484a863. Se recomienda aplicar un parche para solucionar este problema. VDB-217178 es el identificador asignado a esta vulnerabilidad."}], "id": "CVE-2014-125033", "lastModified": "2024-05-17T00:58:16.077", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 2.7, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:A/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 5.1, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 3.5, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 1.4, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2023-01-02T08:15:09.930", "references": [{"source": "cna@vuldb.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/bertrand-caron/rails-cv-app/commit/0d20362af0a5f8a126f67c77833868908484a863"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory"], "url": "https://vuldb.com/?ctiid.217178"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory"], "url": "https://vuldb.com/?id.217178"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-24"}], "source": "cna@vuldb.com", "type": "Secondary"}]}