CVE-2018-11798 - OpenCVE

The Apache Thrift Node.js static web server in versions 0.9.2 through 0.11.0 have been determined to contain a security vulnerability in which a remote user has the ability to access files outside the set webservers docroot path.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:S/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Apache	Thrift
Redhat	Jboss Data Virtualization Jboss Fuse

Configuration 1 [-]

cpe:2.3:a:apache:thrift:*:*:*:*:*:node.js:*:*

Package	CPE	Advisory	Released Date
Red Hat Fuse 7.3.1
camel-thrift	cpe:/a:redhat:jboss_fuse:7	RHSA-2019:1545	2019-06-18T00:00:00Z
libthrift	cpe:/a:redhat:jboss_fuse:7	RHSA-2019:1545	2019-06-18T00:00:00Z
Red Hat JBoss Data Virtualization 6.4.8
libthrift	cpe:/a:redhat:jboss_data_virtualization:6.4	RHSA-2019:3140	2019-10-17T00:00:00Z

References

Link	Providers
http://www.securityfocus.com/bid/106501
https://access.redhat.com/errata/RHSA-2019:1545
https://access.redhat.com/errata/RHSA-2019:3140
https://lists.apache.org/thread.html/6e9edd282684896cedf615fb67a02bebfe6007f2d5baf03ba52e34fd%40%3Cuser.thrift.apache.org%3E
https://nvd.nist.gov/vuln/detail/CVE-2018-11798
https://www.cve.org/CVERecord?id=CVE-2018-11798
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: apache

Published: 2019-01-07T18:00:00

Updated: 2024-08-05T08:17:09.238Z

Reserved: 2018-06-05T00:00:00

Link: CVE-2018-11798

Vulnrichment

No data.

NVD

Status : Modified

Published: 2019-01-07T17:29:00.283

Modified: 2023-11-07T02:51:48.120

Link: CVE-2018-11798

Redhat

Severity : Important

Publid Date: 2018-10-05T00:00:00Z

Links: CVE-2018-11798 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "Apache Thrift", "vendor": "Apache Software Foundation", "versions": [{"status": "affected", "version": "Apache Thrift 0.9.2 to 0.11.0"}]}], "datePublic": "2019-01-07T00:00:00", "descriptions": [{"lang": "en", "value": "The Apache Thrift Node.js static web server in versions 0.9.2 through 0.11.0 have been determined to contain a security vulnerability in which a remote user has the ability to access files outside the set webservers docroot path."}], "problemTypes": [{"descriptions": [{"description": "Improper Access Control", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-10-17T17:06:28", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache"}, "references": [{"name": "106501", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/106501"}, {"tags": ["x_refsource_MISC"], "url": "https://lists.apache.org/thread.html/6e9edd282684896cedf615fb67a02bebfe6007f2d5baf03ba52e34fd%40%3Cuser.thrift.apache.org%3E"}, {"name": "RHSA-2019:1545", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:1545"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"}, {"name": "RHSA-2019:3140", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:3140"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@apache.org", "ID": "CVE-2018-11798", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Apache Thrift", "version": {"version_data": [{"version_value": "Apache Thrift 0.9.2 to 0.11.0"}]}}]}, "vendor_name": "Apache Software Foundation"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Apache Thrift Node.js static web server in versions 0.9.2 through 0.11.0 have been determined to contain a security vulnerability in which a remote user has the ability to access files outside the set webservers docroot path."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Improper Access Control"}]}]}, "references": {"reference_data": [{"name": "106501", "refsource": "BID", "url": "http://www.securityfocus.com/bid/106501"}, {"name": "https://lists.apache.org/thread.html/6e9edd282684896cedf615fb67a02bebfe6007f2d5baf03ba52e34fd@%3Cuser.thrift.apache.org%3E", "refsource": "MISC", "url": "https://lists.apache.org/thread.html/6e9edd282684896cedf615fb67a02bebfe6007f2d5baf03ba52e34fd@%3Cuser.thrift.apache.org%3E"}, {"name": "RHSA-2019:1545", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:1545"}, {"name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", "refsource": "MISC", "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"}, {"name": "RHSA-2019:3140", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:3140"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T08:17:09.238Z"}, "title": "CVE Program Container", "references": [{"name": "106501", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/106501"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://lists.apache.org/thread.html/6e9edd282684896cedf615fb67a02bebfe6007f2d5baf03ba52e34fd%40%3Cuser.thrift.apache.org%3E"}, {"name": "RHSA-2019:1545", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:1545"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"}, {"name": "RHSA-2019:3140", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:3140"}]}]}, "cveMetadata": {"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2018-11798", "datePublished": "2019-01-07T18:00:00", "dateReserved": "2018-06-05T00:00:00", "dateUpdated": "2024-08-05T08:17:09.238Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:thrift:*:*:*:*:*:node.js:*:*", "matchCriteriaId": "9FF4098E-DE56-4E2D-9CB1-D95BF3419958", "versionEndIncluding": "0.11.0", "versionStartIncluding": "0.9.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Apache Thrift Node.js static web server in versions 0.9.2 through 0.11.0 have been determined to contain a security vulnerability in which a remote user has the ability to access files outside the set webservers docroot path."}, {"lang": "es", "value": "El servidor web est\u00e1tico Node.js de Apache Thrift, desde su versi\u00f3n 0.9.2 hasta la 0.11.0, contiene una vulnerabilidad de seguridad en la que un usuario remoto tiene la capacidad de acceder a archivos fuera de la ruta webservers docroot predeterminada."}], "id": "CVE-2018-11798", "lastModified": "2023-11-07T02:51:48.120", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-01-07T17:29:00.283", "references": [{"source": "security@apache.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/106501"}, {"source": "security@apache.org", "url": "https://access.redhat.com/errata/RHSA-2019:1545"}, {"source": "security@apache.org", "url": "https://access.redhat.com/errata/RHSA-2019:3140"}, {"source": "security@apache.org", "url": "https://lists.apache.org/thread.html/6e9edd282684896cedf615fb67a02bebfe6007f2d5baf03ba52e34fd%40%3Cuser.thrift.apache.org%3E"}, {"source": "security@apache.org", "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"}], "sourceIdentifier": "security@apache.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-538"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2019:1545", "cpe": "cpe:/a:redhat:jboss_fuse:7", "package": "camel-thrift", "product_name": "Red Hat Fuse 7.3.1", "release_date": "2019-06-18T00:00:00Z"}, {"advisory": "RHSA-2019:1545", "cpe": "cpe:/a:redhat:jboss_fuse:7", "package": "libthrift", "product_name": "Red Hat Fuse 7.3.1", "release_date": "2019-06-18T00:00:00Z"}, {"advisory": "RHSA-2019:3140", "cpe": "cpe:/a:redhat:jboss_data_virtualization:6.4", "package": "libthrift", "product_name": "Red Hat JBoss Data Virtualization 6.4.8", "release_date": "2019-10-17T00:00:00Z"}], "bugzilla": {"description": "thrift: Improper Access Control grants access to files outside the webservers docroot path", "id": "1667188", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1667188"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "status": "verified"}, "cwe": "CWE-284->CWE-22", "details": ["The Apache Thrift Node.js static web server in versions 0.9.2 through 0.11.0 have been determined to contain a security vulnerability in which a remote user has the ability to access files outside the set webservers docroot path.", "A flaw was found in the Node.js static web server in Apache Thrift, where it allowed a remote user to access files outside of the set web servers' docroot path. An attacker could use this flaw to possibly access unauthorized files and sensitive information."], "name": "CVE-2018-11798", "package_state": [{"cpe": "cpe:/a:redhat:jboss_fuse_service_works:6", "fix_state": "Out of support scope", "package_name": "thrift", "product_name": "Red Hat JBoss Fuse Service Works 6"}, {"cpe": "cpe:/a:redhat:jboss_operations_network:3", "fix_state": "Will not fix", "package_name": "libthrift", "product_name": "Red Hat JBoss Operations Network 3"}, {"cpe": "cpe:/a:redhat:openshift_application_runtimes:1.0", "fix_state": "Affected", "package_name": "libthrift", "product_name": "Red Hat OpenShift Application Runtimes"}, {"cpe": "cpe:/a:redhat:openshift:3.10", "fix_state": "Not affected", "package_name": "thrift", "product_name": "Red Hat OpenShift Container Platform 3.10"}, {"cpe": "cpe:/a:redhat:openshift:3.11", "fix_state": "Not affected", "package_name": "thrift", "product_name": "Red Hat OpenShift Container Platform 3.11"}, {"cpe": "cpe:/a:redhat:openshift:3.4", "fix_state": "Not affected", "package_name": "thrift", "product_name": "Red Hat OpenShift Container Platform 3.4"}, {"cpe": "cpe:/a:redhat:openshift:3.5", "fix_state": "Not affected", "package_name": "thrift", "product_name": "Red Hat OpenShift Container Platform 3.5"}, {"cpe": "cpe:/a:redhat:openshift:3.6", "fix_state": "Not affected", "package_name": "thrift", "product_name": "Red Hat OpenShift Container Platform 3.6"}, {"cpe": "cpe:/a:redhat:openshift:3.7", "fix_state": "Not affected", "package_name": "thrift", "product_name": "Red Hat OpenShift Container Platform 3.7"}, {"cpe": "cpe:/a:redhat:openshift:3.9", "fix_state": "Not affected", "package_name": "thrift", "product_name": "Red Hat OpenShift Container Platform 3.9"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "thrift", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openstack:10", "fix_state": "Not affected", "package_name": "libthrift", "product_name": "Red Hat OpenStack Platform 10 (Newton)"}, {"cpe": "cpe:/a:redhat:openstack:13", "fix_state": "Not affected", "package_name": "libthrift", "product_name": "Red Hat OpenStack Platform 13 (Queens)"}, {"cpe": "cpe:/a:redhat:openstack:14", "fix_state": "Not affected", "package_name": "libthrift", "product_name": "Red Hat OpenStack Platform 14 (Rocky)"}], "public_date": "2018-10-05T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2018-11798\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-11798"], "statement": "OpenStack and OpenDaylight:\nThe Java implementation of thrift is used in OpenDaylight by parts of the vpnservice functionality. This flaw refers to the JavaScript (node.js) server for Thrift, which is not used or shipped with OpenDaylight or any other part of Red Hat OpenStack Platform.", "threat_severity": "Important", "upstream_fix": "thrift 0.12.0"}