CVE-2019-13241 - OpenCVE

FlightCrew v0.9.2 and older are vulnerable to a directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in a ZIP archive entry that is mishandled during extraction.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Canonical	Ubuntu Linux
Flightcrew Project	Flightcrew

Configuration 1 [-]

cpe:2.3:a:flightcrew_project:flightcrew:*:*:*:*:*:sigil:*:*

Configuration 2 [-]

OR	cpe:2.3:o:canonical:ubuntu_linux:16.04::::esm:::
	cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:18.10:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:19.04:::::::*

No data.

References

Link	Providers
https://github.com/Sigil-Ebook/flightcrew/issues/52
https://salvatoresecurity.com/fun-with-fuzzers-how-i-discovered-three-vulnerabilities-part-3-of-3/
https://usn.ubuntu.com/4055-1/

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2019-07-04T14:31:05

Updated: 2024-08-04T23:49:23.914Z

Reserved: 2019-07-04T00:00:00

Link: CVE-2019-13241

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2019-07-04T15:15:11.280

Modified: 2023-02-28T20:48:59.907

Link: CVE-2019-13241

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "FlightCrew v0.9.2 and older are vulnerable to a directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in a ZIP archive entry that is mishandled during extraction."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-07-15T15:06:09", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/Sigil-Ebook/flightcrew/issues/52"}, {"tags": ["x_refsource_MISC"], "url": "https://salvatoresecurity.com/fun-with-fuzzers-how-i-discovered-three-vulnerabilities-part-3-of-3/"}, {"name": "USN-4055-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/4055-1/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-13241", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "FlightCrew v0.9.2 and older are vulnerable to a directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in a ZIP archive entry that is mishandled during extraction."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://github.com/Sigil-Ebook/flightcrew/issues/52", "refsource": "MISC", "url": "https://github.com/Sigil-Ebook/flightcrew/issues/52"}, {"name": "https://salvatoresecurity.com/fun-with-fuzzers-how-i-discovered-three-vulnerabilities-part-3-of-3/", "refsource": "MISC", "url": "https://salvatoresecurity.com/fun-with-fuzzers-how-i-discovered-three-vulnerabilities-part-3-of-3/"}, {"name": "USN-4055-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4055-1/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T23:49:23.914Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/Sigil-Ebook/flightcrew/issues/52"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://salvatoresecurity.com/fun-with-fuzzers-how-i-discovered-three-vulnerabilities-part-3-of-3/"}, {"name": "USN-4055-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/4055-1/"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-13241", "datePublished": "2019-07-04T14:31:05", "dateReserved": "2019-07-04T00:00:00", "dateUpdated": "2024-08-04T23:49:23.914Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:flightcrew_project:flightcrew:*:*:*:*:*:sigil:*:*", "matchCriteriaId": "9CD25AA7-C650-4A1E-ABA6-5F189B404CC9", "versionEndIncluding": "0.9.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", "matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "matchCriteriaId": "07C312A0-CD2C-4B9C-B064-6409B25C278F", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*", "matchCriteriaId": "CD783B0C-9246-47D9-A937-6144FE8BFF0F", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "FlightCrew v0.9.2 and older are vulnerable to a directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in a ZIP archive entry that is mishandled during extraction."}, {"lang": "es", "value": "FlightCrew versi\u00f3n 0.9.2 y anteriores son vulnerables a un ataque de salto de directorio, lo que permite que los atacantes escriban archivos arbitrarios mediante un ../ (punto punto barra) en una entrada de archivo Zip que se gestiona de manera incorrecta durante la extracci\u00f3n."}], "id": "CVE-2019-13241", "lastModified": "2023-02-28T20:48:59.907", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-07-04T15:15:11.280", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/Sigil-Ebook/flightcrew/issues/52"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://salvatoresecurity.com/fun-with-fuzzers-how-i-discovered-three-vulnerabilities-part-3-of-3/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/4055-1/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}