CVE-2019-5624 - OpenCVE

Rapid7 Metasploit Framework suffers from an instance of CWE-22, Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in the Zip import function of Metasploit. Exploiting this vulnerability can allow an attacker to execute arbitrary code in Metasploit at the privilege level of the user running Metasploit. This issue affects: Rapid7 Metasploit Framework version 4.14.0 and prior versions.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:S/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Rapid7	Metasploit

Configuration 1 [-]

cpe:2.3:a:rapid7:metasploit:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://blog.doyensec.com/2019/04/24/rubyzip-bug.html
https://github.com/rapid7/metasploit-framework/pull/11716
https://help.rapid7.com/metasploit/release-notes/archive/2019/04/#20190416

History

No history.

MITRE

Status: PUBLISHED

Assigner: rapid7

Published: 2019-04-30T16:53:31.816001Z

Updated: 2024-09-17T04:29:13.622Z

Reserved: 2019-01-07T00:00:00

Link: CVE-2019-5624

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2019-04-30T17:29:01.087

Modified: 2023-02-01T02:22:17.277

Link: CVE-2019-5624

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Metasploit Framework", "vendor": "Rapid7", "versions": [{"lessThanOrEqual": "4.14.0", "status": "affected", "version": "4.14.0", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "This issue was discovered by Doyensec, and reported privately by Luca Carettoni."}], "datePublic": "2019-04-24T00:00:00", "descriptions": [{"lang": "en", "value": "Rapid7 Metasploit Framework suffers from an instance of CWE-22, Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in the Zip import function of Metasploit. Exploiting this vulnerability can allow an attacker to execute arbitrary code in Metasploit at the privilege level of the user running Metasploit. This issue affects: Rapid7 Metasploit Framework version 4.14.0 and prior versions."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-22", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2019-04-30T16:53:31", "orgId": "9974b330-7714-4307-a722-5648477acda7", "shortName": "rapid7"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/rapid7/metasploit-framework/pull/11716"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://help.rapid7.com/metasploit/release-notes/archive/2019/04/#20190416"}, {"tags": ["x_refsource_MISC"], "url": "https://blog.doyensec.com/2019/04/24/rubyzip-bug.html"}], "solutions": [{"lang": "en", "value": "Update to version 4.15.0 or later."}], "source": {"discovery": "USER"}, "title": "Rapid7 Metasploit Framework Zip Import Directory Traversal", "x_generator": {"engine": "Vulnogram 0.0.6"}, "x_legacyV4Record": {"CVE_data_meta": {"AKA": "", "ASSIGNER": "cve@rapid7.com", "DATE_PUBLIC": "2019-04-24T18:00:00.000Z", "ID": "CVE-2019-5624", "STATE": "PUBLIC", "TITLE": "Rapid7 Metasploit Framework Zip Import Directory Traversal"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Metasploit Framework", "version": {"version_data": [{"platform": "", "version_affected": "<=", "version_name": "4.14.0", "version_value": "4.14.0"}]}}]}, "vendor_name": "Rapid7"}]}}, "configuration": [], "credit": [{"lang": "eng", "value": "This issue was discovered by Doyensec, and reported privately by Luca Carettoni."}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Rapid7 Metasploit Framework suffers from an instance of CWE-22, Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in the Zip import function of Metasploit. Exploiting this vulnerability can allow an attacker to execute arbitrary code in Metasploit at the privilege level of the user running Metasploit. This issue affects: Rapid7 Metasploit Framework version 4.14.0 and prior versions."}]}, "exploit": [], "generator": {"engine": "Vulnogram 0.0.6"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}]}, "references": {"reference_data": [{"name": "https://github.com/rapid7/metasploit-framework/pull/11716", "refsource": "CONFIRM", "url": "https://github.com/rapid7/metasploit-framework/pull/11716"}, {"name": "https://help.rapid7.com/metasploit/release-notes/archive/2019/04/#20190416", "refsource": "CONFIRM", "url": "https://help.rapid7.com/metasploit/release-notes/archive/2019/04/#20190416"}, {"name": "https://blog.doyensec.com/2019/04/24/rubyzip-bug.html", "refsource": "MISC", "url": "https://blog.doyensec.com/2019/04/24/rubyzip-bug.html"}]}, "solution": [{"lang": "en", "value": "Update to version 4.15.0 or later."}], "source": {"discovery": "USER"}, "work_around": []}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T20:01:51.586Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/rapid7/metasploit-framework/pull/11716"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://help.rapid7.com/metasploit/release-notes/archive/2019/04/#20190416"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://blog.doyensec.com/2019/04/24/rubyzip-bug.html"}]}]}, "cveMetadata": {"assignerOrgId": "9974b330-7714-4307-a722-5648477acda7", "assignerShortName": "rapid7", "cveId": "CVE-2019-5624", "datePublished": "2019-04-30T16:53:31.816001Z", "dateReserved": "2019-01-07T00:00:00", "dateUpdated": "2024-09-17T04:29:13.622Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:rapid7:metasploit:*:*:*:*:*:*:*:*", "matchCriteriaId": "006185B3-4A66-4A98-A991-831DCCA0C619", "versionEndIncluding": "4.14.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Rapid7 Metasploit Framework suffers from an instance of CWE-22, Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in the Zip import function of Metasploit. Exploiting this vulnerability can allow an attacker to execute arbitrary code in Metasploit at the privilege level of the user running Metasploit. This issue affects: Rapid7 Metasploit Framework version 4.14.0 and prior versions."}, {"lang": "es", "value": "Rapid7 Metasploit Framework padece de una situaci\u00f3n de CWE-22, limitaci\u00f3n inapropiada de un Pathname a un directorio restringido ('Path Traversal') en la funci\u00f3n Zip import de Metasploit. La operaci\u00f3n de esta vulnerabilidad puede permitir a un atacante ejecutar c\u00f3digo arbitrario en Metasploit desde el nivel de privilegio del usuario que ejecuta Metasploit. Este problema afecta a: Rapid7 Metasploit Framework versi\u00f3n 4.14.0 y versiones anteriores."}], "id": "CVE-2019-5624", "lastModified": "2023-02-01T02:22:17.277", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N", "version": "3.0"}, "exploitabilityScore": 1.1, "impactScore": 5.8, "source": "cve@rapid7.com", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.3, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-04-30T17:29:01.087", "references": [{"source": "cve@rapid7.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://blog.doyensec.com/2019/04/24/rubyzip-bug.html"}, {"source": "cve@rapid7.com", "tags": ["Exploit", "Patch", "Third Party Advisory"], "url": "https://github.com/rapid7/metasploit-framework/pull/11716"}, {"source": "cve@rapid7.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://help.rapid7.com/metasploit/release-notes/archive/2019/04/#20190416"}], "sourceIdentifier": "cve@rapid7.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-22"}], "source": "cve@rapid7.com", "type": "Secondary"}]}