CVE-2019-9889 - OpenCVE

In Vanilla before 2.6.4, a flaw exists within the getSingleIndex function of the AddonManager class. The issue results in a require call using a crafted type value, leading to Directory Traversal with File Inclusion. An attacker can leverage this vulnerability to execute code under the context of the web server.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:S/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Vanillaforums	Vanilla

Configuration 1 [-]

cpe:2.3:a:vanillaforums:vanilla:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/vanilla/vanilla/compare/b043ae8...9f12b22
https://github.com/vanilla/vanilla/pull/7840
https://hackerone.com/reports/411140

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2019-03-20T22:12:27

Updated: 2024-08-04T22:01:55.132Z

Reserved: 2019-03-20T00:00:00

Link: CVE-2019-9889

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2019-03-21T16:01:17.627

Modified: 2019-03-26T14:09:25.307

Link: CVE-2019-9889

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "In Vanilla before 2.6.4, a flaw exists within the getSingleIndex function of the AddonManager class. The issue results in a require call using a crafted type value, leading to Directory Traversal with File Inclusion. An attacker can leverage this vulnerability to execute code under the context of the web server."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-03-20T22:12:27", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://hackerone.com/reports/411140"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/vanilla/vanilla/pull/7840"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/vanilla/vanilla/compare/b043ae8...9f12b22"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-9889", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In Vanilla before 2.6.4, a flaw exists within the getSingleIndex function of the AddonManager class. The issue results in a require call using a crafted type value, leading to Directory Traversal with File Inclusion. An attacker can leverage this vulnerability to execute code under the context of the web server."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://hackerone.com/reports/411140", "refsource": "MISC", "url": "https://hackerone.com/reports/411140"}, {"name": "https://github.com/vanilla/vanilla/pull/7840", "refsource": "MISC", "url": "https://github.com/vanilla/vanilla/pull/7840"}, {"name": "https://github.com/vanilla/vanilla/compare/b043ae8...9f12b22", "refsource": "MISC", "url": "https://github.com/vanilla/vanilla/compare/b043ae8...9f12b22"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T22:01:55.132Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://hackerone.com/reports/411140"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/vanilla/vanilla/pull/7840"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/vanilla/vanilla/compare/b043ae8...9f12b22"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-9889", "datePublished": "2019-03-20T22:12:27", "dateReserved": "2019-03-20T00:00:00", "dateUpdated": "2024-08-04T22:01:55.132Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:vanillaforums:vanilla:*:*:*:*:*:*:*:*", "matchCriteriaId": "43589609-CB2B-4C9D-8DEE-47447B8AFA56", "versionEndExcluding": "2.6.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In Vanilla before 2.6.4, a flaw exists within the getSingleIndex function of the AddonManager class. The issue results in a require call using a crafted type value, leading to Directory Traversal with File Inclusion. An attacker can leverage this vulnerability to execute code under the context of the web server."}, {"lang": "es", "value": "En Vanilla, en versiones anteriores a la 2.6.4, existe un error en la funci\u00f3n getSingleIndex de la clase AddonManager. Este problema resulta en una llamada \"require\" que emplea un valor de tipo manipulado, lo que conduce a un salto de directorio con una inclusi\u00f3n de archivos. Un atacante podr\u00eda aprovecharse de esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del servidor web."}], "id": "CVE-2019-9889", "lastModified": "2019-03-26T14:09:25.307", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 2.7, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 1.2, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-03-21T16:01:17.627", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://github.com/vanilla/vanilla/compare/b043ae8...9f12b22"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://github.com/vanilla/vanilla/pull/7840"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://hackerone.com/reports/411140"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}