CVE-2019-10767 - OpenCVE

An attacker can include file contents from outside the `/adapter/xxx/` directory, where `xxx` is the name of an existent adapter like "admin". It is exploited using the administrative web panel with a request for an adapter file. **Note:** The attacker has to be logged in if the authentication is enabled (by default isn't enabled).

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Iobroker	Iobroker.js-controller

Configuration 1 [-]

cpe:2.3:a:iobroker:iobroker.js-controller:*:*:*:*:*:node.js:*:*

No data.

References

Link	Providers
https://github.com/ioBroker/ioBroker.js-controller/commit/f6e292c6750a491a5000d0f851b2fede4f9e2fda
https://snyk.io/vuln/SNYK-JS-IOBROKERJSCONTROLLER-534881

History

No history.

MITRE

Status: PUBLISHED

Assigner: snyk

Published: 2019-11-21T16:09:40

Updated: 2024-08-04T22:32:01.573Z

Reserved: 2019-04-03T00:00:00

Link: CVE-2019-10767

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2019-11-21T17:15:11.350

Modified: 2019-12-03T19:18:47.347

Link: CVE-2019-10767

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "iobroker.js-controller", "vendor": "n/a", "versions": [{"status": "affected", "version": "All versions prior to version 2.0.25"}]}], "descriptions": [{"lang": "en", "value": "An attacker can include file contents from outside the `/adapter/xxx/` directory, where `xxx` is the name of an existent adapter like \"admin\". It is exploited using the administrative web panel with a request for an adapter file. **Note:** The attacker has to be logged in if the authentication is enabled (by default isn't enabled)."}], "problemTypes": [{"descriptions": [{"description": "Directory Traversal", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-11-25T22:29:42", "orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730", "shortName": "snyk"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/ioBroker/ioBroker.js-controller/commit/f6e292c6750a491a5000d0f851b2fede4f9e2fda"}, {"tags": ["x_refsource_MISC"], "url": "https://snyk.io/vuln/SNYK-JS-IOBROKERJSCONTROLLER-534881"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "report@snyk.io", "ID": "CVE-2019-10767", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "iobroker.js-controller", "version": {"version_data": [{"version_value": "All versions prior to version 2.0.25"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An attacker can include file contents from outside the `/adapter/xxx/` directory, where `xxx` is the name of an existent adapter like \"admin\". It is exploited using the administrative web panel with a request for an adapter file. **Note:** The attacker has to be logged in if the authentication is enabled (by default isn't enabled)."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Directory Traversal"}]}]}, "references": {"reference_data": [{"name": "https://github.com/ioBroker/ioBroker.js-controller/commit/f6e292c6750a491a5000d0f851b2fede4f9e2fda", "refsource": "MISC", "url": "https://github.com/ioBroker/ioBroker.js-controller/commit/f6e292c6750a491a5000d0f851b2fede4f9e2fda"}, {"name": "https://snyk.io/vuln/SNYK-JS-IOBROKERJSCONTROLLER-534881", "refsource": "MISC", "url": "https://snyk.io/vuln/SNYK-JS-IOBROKERJSCONTROLLER-534881"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T22:32:01.573Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/ioBroker/ioBroker.js-controller/commit/f6e292c6750a491a5000d0f851b2fede4f9e2fda"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://snyk.io/vuln/SNYK-JS-IOBROKERJSCONTROLLER-534881"}]}]}, "cveMetadata": {"assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730", "assignerShortName": "snyk", "cveId": "CVE-2019-10767", "datePublished": "2019-11-21T16:09:40", "dateReserved": "2019-04-03T00:00:00", "dateUpdated": "2024-08-04T22:32:01.573Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:iobroker:iobroker.js-controller:*:*:*:*:*:node.js:*:*", "matchCriteriaId": "CB670FA5-5941-470A-8ADE-42670260B615", "versionEndExcluding": "2.0.25", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An attacker can include file contents from outside the `/adapter/xxx/` directory, where `xxx` is the name of an existent adapter like \"admin\". It is exploited using the administrative web panel with a request for an adapter file. **Note:** The attacker has to be logged in if the authentication is enabled (by default isn't enabled)."}, {"lang": "es", "value": "Un atacante puede incluir el contenido del archivo desde fuera del directorio \"/adapter/xxx/\", donde \"xxx\" es el nombre de un adaptador existente como \"admin\". Esto es explotado utilizando el panel web administrativo con una petici\u00f3n desde un archivo de adaptador. **Nota:** El atacante tiene que iniciar sesi\u00f3n si que la autenticaci\u00f3n est\u00e1 habilitada (por defecto no est\u00e1 habilitada)."}], "id": "CVE-2019-10767", "lastModified": "2019-12-03T19:18:47.347", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-11-21T17:15:11.350", "references": [{"source": "report@snyk.io", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/ioBroker/ioBroker.js-controller/commit/f6e292c6750a491a5000d0f851b2fede4f9e2fda"}, {"source": "report@snyk.io", "tags": ["Exploit", "Third Party Advisory"], "url": "https://snyk.io/vuln/SNYK-JS-IOBROKERJSCONTROLLER-534881"}], "sourceIdentifier": "report@snyk.io", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}