OpenCVE

An issue was discovered in H2 1.4.197. Insecure handling of permissions in the backup function allows attackers to read sensitive files (outside of their permissions) via a symlink to a fake database file.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:S/C:P/I:N/A:N

This CVE is not in the KEV list.

Exploitation poc

Automatable no

Technical Impact partial

Vendors	Products
H2database	H2
Redhat	Jboss Data Grid

Configuration 1 [-]

cpe:2.3:a:h2database:h2:1.4.197:*:*:*:*:*:*:*

Package	CPE	Advisory	Released Date
Red Hat Data Grid 7.3.3
h2	cpe:/a:redhat:jboss_data_grid:7.3	RHSA-2020:0727	2020-03-05T00:00:00Z

References

Link	Providers
https://access.redhat.com/errata/RHSA-2020:0727
https://gist.github.com/owodelta/9714faf9a86435cef5a99d4930eaee20
https://lists.apache.org/thread.html/582d4165de6507b0be82d5a6f9a1ce392ec43a00c9fed32bacf7fe1e%40%3Cuser.ignite.apache.org%3E
https://nvd.nist.gov/vuln/detail/CVE-2018-14335
https://security.netapp.com/advisory/ntap-20240726-0003/
https://www.cve.org/CVERecord?id=CVE-2018-14335
https://www.exploit-db.com/exploits/45105/

History

Tue, 29 Oct 2024 15:00:00 +0000

Type	Values Removed	Values Added
Weaknesses	CWE-277

Tue, 29 Oct 2024 14:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-276
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2018-07-24T13:00:00

Updated: 2024-10-29T13:55:12.140Z

Reserved: 2018-07-16T00:00:00

Link: CVE-2018-14335

Vulnrichment

Updated: 2024-08-05T09:21:41.610Z

NVD

Status : Modified

Published: 2018-07-24T13:29:00.603

Modified: 2024-10-29T14:35:05.543

Link: CVE-2018-14335

Redhat

Severity : Moderate

Publid Date: 2018-07-23T00:00:00Z

Links: CVE-2018-14335 - Bugzilla

{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2018-14335", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-10-29T13:55:12.140Z", "dateReserved": "2018-07-16T00:00:00", "datePublished": "2018-07-24T13:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-07-28T14:06:06.052195"}, "descriptions": [{"lang": "en", "value": "An issue was discovered in H2 1.4.197. Insecure handling of permissions in the backup function allows attackers to read sensitive files (outside of their permissions) via a symlink to a fake database file."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"name": "45105", "tags": ["exploit"], "url": "https://www.exploit-db.com/exploits/45105/"}, {"url": "https://gist.github.com/owodelta/9714faf9a86435cef5a99d4930eaee20"}, {"name": "[ignite-user] 20191213 Re: H2 version security concern", "tags": ["mailing-list"], "url": "https://lists.apache.org/thread.html/582d4165de6507b0be82d5a6f9a1ce392ec43a00c9fed32bacf7fe1e%40%3Cuser.ignite.apache.org%3E"}, {"name": "RHSA-2020:0727", "tags": ["vendor-advisory"], "url": "https://access.redhat.com/errata/RHSA-2020:0727"}, {"url": "https://security.netapp.com/advisory/ntap-20240726-0003/"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}], "datePublic": "2018-07-16T00:00:00"}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-276", "lang": "en", "description": "CWE-276 Incorrect Default Permissions"}]}], "affected": [{"vendor": "h2database", "product": "h2", "cpes": ["cpe:2.3:a:h2database:h2:1.4.197:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "1.4.197", "status": "affected"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-07-29T16:04:44.539242Z", "id": "CVE-2018-14335", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-29T13:55:12.140Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T09:21:41.610Z"}, "title": "CVE Program Container", "references": [{"name": "45105", "tags": ["exploit", "x_transferred"], "url": "https://www.exploit-db.com/exploits/45105/"}, {"url": "https://gist.github.com/owodelta/9714faf9a86435cef5a99d4930eaee20", "tags": ["x_transferred"]}, {"name": "[ignite-user] 20191213 Re: H2 version security concern", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.apache.org/thread.html/582d4165de6507b0be82d5a6f9a1ce392ec43a00c9fed32bacf7fe1e%40%3Cuser.ignite.apache.org%3E"}, {"name": "RHSA-2020:0727", "tags": ["vendor-advisory", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2020:0727"}, {"url": "https://security.netapp.com/advisory/ntap-20240726-0003/", "tags": ["x_transferred"]}]}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.exploit-db.com/exploits/45105/", "name": "45105", "tags": ["exploit", "x_transferred"]}, {"url": "https://gist.github.com/owodelta/9714faf9a86435cef5a99d4930eaee20", "tags": ["x_transferred"]}, {"url": "https://lists.apache.org/thread.html/582d4165de6507b0be82d5a6f9a1ce392ec43a00c9fed32bacf7fe1e%40%3Cuser.ignite.apache.org%3E", "name": "[ignite-user] 20191213 Re: H2 version security concern", "tags": ["mailing-list", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2020:0727", "name": "RHSA-2020:0727", "tags": ["vendor-advisory", "x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20240726-0003/", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T09:21:41.610Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2018-14335", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-07-29T16:04:44.539242Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:h2database:h2:1.4.197:*:*:*:*:*:*:*"], "vendor": "h2database", "product": "h2", "versions": [{"status": "affected", "version": "1.4.197"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-276", "description": "CWE-276 Incorrect Default Permissions"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-29T16:07:26.754Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2018-07-16T00:00:00", "references": [{"url": "https://www.exploit-db.com/exploits/45105/", "name": "45105", "tags": ["exploit"]}, {"url": "https://gist.github.com/owodelta/9714faf9a86435cef5a99d4930eaee20"}, {"url": "https://lists.apache.org/thread.html/582d4165de6507b0be82d5a6f9a1ce392ec43a00c9fed32bacf7fe1e%40%3Cuser.ignite.apache.org%3E", "name": "[ignite-user] 20191213 Re: H2 version security concern", "tags": ["mailing-list"]}, {"url": "https://access.redhat.com/errata/RHSA-2020:0727", "name": "RHSA-2020:0727", "tags": ["vendor-advisory"]}, {"url": "https://security.netapp.com/advisory/ntap-20240726-0003/"}], "descriptions": [{"lang": "en", "value": "An issue was discovered in H2 1.4.197. Insecure handling of permissions in the backup function allows attackers to read sensitive files (outside of their permissions) via a symlink to a fake database file."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-07-28T14:06:06.052195"}}}, "cveMetadata": {"cveId": "CVE-2018-14335", "state": "PUBLISHED", "dateUpdated": "2024-10-29T13:55:12.140Z", "dateReserved": "2018-07-16T00:00:00", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2018-07-24T13:00:00", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:h2database:h2:1.4.197:*:*:*:*:*:*:*", "matchCriteriaId": "6FDBF217-B702-422A-AAF9-E2B62C92A591", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An issue was discovered in H2 1.4.197. Insecure handling of permissions in the backup function allows attackers to read sensitive files (outside of their permissions) via a symlink to a fake database file."}, {"lang": "es", "value": "Se ha descubierto un problema en H2 1.4.197. La manipulaci\u00f3n incorrecta de permisos en la funci\u00f3n backup permite que los atacantes lean archivos sensibles (fuera de sus permisos) mediante un v\u00ednculo simb\u00f3lico a un archivo falso de base de datos."}], "id": "CVE-2018-14335", "lastModified": "2024-10-29T14:35:05.543", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2018-07-24T13:29:00.603", "references": [{"source": "cve@mitre.org", "url": "https://access.redhat.com/errata/RHSA-2020:0727"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://gist.github.com/owodelta/9714faf9a86435cef5a99d4930eaee20"}, {"source": "cve@mitre.org", "url": "https://lists.apache.org/thread.html/582d4165de6507b0be82d5a6f9a1ce392ec43a00c9fed32bacf7fe1e%40%3Cuser.ignite.apache.org%3E"}, {"source": "cve@mitre.org", "url": "https://security.netapp.com/advisory/ntap-20240726-0003/"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/45105/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-59"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-276"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2020:0727", "cpe": "cpe:/a:redhat:jboss_data_grid:7.3", "package": "h2", "product_name": "Red Hat Data Grid 7.3.3", "release_date": "2020-03-05T00:00:00Z"}], "bugzilla": {"description": "h2: Information Exposure due to insecure handling of permissions in the backup", "id": "1610877", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1610877"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.3", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "status": "verified"}, "cwe": "CWE-200", "details": ["An issue was discovered in H2 1.4.197. Insecure handling of permissions in the backup function allows attackers to read sensitive files (outside of their permissions) via a symlink to a fake database file."], "name": "CVE-2018-14335", "package_state": [{"cpe": "cpe:/a:redhat:jboss_fuse:7", "fix_state": "Not affected", "package_name": "h2", "product_name": "Red Hat Fuse 7"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_brms_platform:5", "fix_state": "Out of support scope", "package_name": "h2", "product_name": "Red Hat JBoss BRMS 5"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_brms_platform:6", "fix_state": "Out of support scope", "package_name": "h2", "product_name": "Red Hat JBoss BRMS 6"}, {"cpe": "cpe:/a:redhat:jboss_data_virtualization:6", "fix_state": "Out of support scope", "package_name": "h2", "product_name": "Red Hat JBoss Data Virtualization 6"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6", "fix_state": "Will not fix", "package_name": "h2", "product_name": "Red Hat JBoss Enterprise Application Platform 6"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7", "fix_state": "Will not fix", "package_name": "h2", "product_name": "Red Hat JBoss Enterprise Application Platform 7"}, {"cpe": "cpe:/a:redhat:jboss_fuse:6", "fix_state": "Out of support scope", "package_name": "h2", "product_name": "Red Hat JBoss Fuse 6"}, {"cpe": "cpe:/a:redhat:jboss_fuse_service_works:6", "fix_state": "Out of support scope", "package_name": "h2", "product_name": "Red Hat JBoss Fuse Service Works 6"}, {"cpe": "cpe:/a:redhat:jboss_operations_network:3", "fix_state": "Out of support scope", "package_name": "h2", "product_name": "Red Hat JBoss Operations Network 3"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_soa_platform:5", "fix_state": "Out of support scope", "package_name": "h2", "product_name": "Red Hat JBoss SOA Platform 5"}, {"cpe": "cpe:/a:redhat:openstack:10", "fix_state": "Will not fix", "package_name": "opendaylight", "product_name": "Red Hat OpenStack Platform 10 (Newton)"}, {"cpe": "cpe:/a:redhat:openstack:12", "fix_state": "Will not fix", "package_name": "opendaylight", "product_name": "Red Hat OpenStack Platform 12 (Pike)"}, {"cpe": "cpe:/a:redhat:openstack:13", "fix_state": "Will not fix", "package_name": "opendaylight", "product_name": "Red Hat OpenStack Platform 13 (Queens)"}, {"cpe": "cpe:/a:redhat:openstack:8", "fix_state": "Will not fix", "package_name": "opendaylight", "product_name": "Red Hat OpenStack Platform 8 (Liberty)"}, {"cpe": "cpe:/a:redhat:openstack:9", "fix_state": "Will not fix", "package_name": "opendaylight", "product_name": "Red Hat OpenStack Platform 9 (Mitaka)"}, {"cpe": "cpe:/a:redhat:red_hat_single_sign_on:7", "fix_state": "Not affected", "package_name": "h2", "product_name": "Red Hat Single Sign-On 7"}], "public_date": "2018-07-23T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2018-14335\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-14335"], "threat_severity": "Moderate"}