CVE-2019-1010179 - OpenCVE

PHKP including commit 88fd9cfdf14ea4b6ac3e3967feea7bcaabb6f03b is affected by: Improper Neutralization of Special Elements used in a Command ('Command Injection'). The impact is: It is possible to manipulate gpg-keys or execute commands remotely. The component is: function pgp_exec() phkp.php:98. The attack vector is: HKP-Api: /pks/lookup?search.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Phkp Project	Phkp

Configuration 1 [-]

cpe:2.3:a:phkp_project:phkp:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/remko/phkp/issues/1

History

No history.

MITRE

Status: PUBLISHED

Assigner: dwf

Published: 2019-07-24T13:44:50

Updated: 2024-08-05T03:07:18.485Z

Reserved: 2019-03-20T00:00:00

Link: CVE-2019-1010179

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2019-07-24T14:15:10.923

Modified: 2020-08-24T17:37:01.140

Link: CVE-2019-1010179

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "PHKP", "vendor": "PHKP", "versions": [{"status": "affected", "version": "including commit 88fd9cfdf14ea4b6ac3e3967feea7bcaabb6f03b (as of 2018-09-15)"}]}], "descriptions": [{"lang": "en", "value": "PHKP including commit 88fd9cfdf14ea4b6ac3e3967feea7bcaabb6f03b is affected by: Improper Neutralization of Special Elements used in a Command ('Command Injection'). The impact is: It is possible to manipulate gpg-keys or execute commands remotely. The component is: function pgp_exec() phkp.php:98. The attack vector is: HKP-Api: /pks/lookup?search."}], "problemTypes": [{"descriptions": [{"description": "Improper Neutralization of Special Elements used in a Command ('Command Injection')", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-07-24T13:44:50", "orgId": "7556d962-6fb7-411e-85fa-6cd62f095ba8", "shortName": "dwf"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/remko/phkp/issues/1"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve-assign@distributedweaknessfiling.org", "ID": "CVE-2019-1010179", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "PHKP", "version": {"version_data": [{"version_value": "including commit 88fd9cfdf14ea4b6ac3e3967feea7bcaabb6f03b (as of 2018-09-15)"}]}}]}, "vendor_name": "PHKP"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "PHKP including commit 88fd9cfdf14ea4b6ac3e3967feea7bcaabb6f03b is affected by: Improper Neutralization of Special Elements used in a Command ('Command Injection'). The impact is: It is possible to manipulate gpg-keys or execute commands remotely. The component is: function pgp_exec() phkp.php:98. The attack vector is: HKP-Api: /pks/lookup?search."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Improper Neutralization of Special Elements used in a Command ('Command Injection')"}]}]}, "references": {"reference_data": [{"name": "https://github.com/remko/phkp/issues/1", "refsource": "MISC", "url": "https://github.com/remko/phkp/issues/1"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T03:07:18.485Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/remko/phkp/issues/1"}]}]}, "cveMetadata": {"assignerOrgId": "7556d962-6fb7-411e-85fa-6cd62f095ba8", "assignerShortName": "dwf", "cveId": "CVE-2019-1010179", "datePublished": "2019-07-24T13:44:50", "dateReserved": "2019-03-20T00:00:00", "dateUpdated": "2024-08-05T03:07:18.485Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:phkp_project:phkp:-:*:*:*:*:*:*:*", "matchCriteriaId": "25C1533B-9CF2-4C96-9050-D8285C7F042D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "PHKP including commit 88fd9cfdf14ea4b6ac3e3967feea7bcaabb6f03b is affected by: Improper Neutralization of Special Elements used in a Command ('Command Injection'). The impact is: It is possible to manipulate gpg-keys or execute commands remotely. The component is: function pgp_exec() phkp.php:98. The attack vector is: HKP-Api: /pks/lookup?search."}, {"lang": "es", "value": "El PHKP, incluido el commit 88fd9cfdf14ea4b6ac3e3967feea7bcaabb6f03b, est\u00e1 afectado por: Neutralizaci\u00f3n inadecuada de elementos especiales utilizados en un comando ('Command Injection'). El impacto es: es posible manipular las claves gpg o ejecutar comandos de forma remota. El componente es: function pgp_exec () phkp.php: 98. El vector de ataque es: HKP-Api: / pks / lookup? Search."}], "id": "CVE-2019-1010179", "lastModified": "2020-08-24T17:37:01.140", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-07-24T14:15:10.923", "references": [{"source": "josh@bress.net", "tags": ["Third Party Advisory"], "url": "https://github.com/remko/phkp/issues/1"}], "sourceIdentifier": "josh@bress.net", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "nvd@nist.gov", "type": "Primary"}]}