CVE-2020-10289 - OpenCVE

Use of unsafe yaml load. Allows instantiation of arbitrary objects. The flaw itself is caused by an unsafe parsing of YAML values which happens whenever an action message is processed to be sent, and allows for the creation of Python objects. Through this flaw in the ROS core package of actionlib, an attacker with local or remote access can make the ROS Master, execute arbitrary code in Python form. Consider yaml.safe_load() instead. Located first in actionlib/tools/library.py:132. See links for more info on the bug.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:S/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Openrobotics	Robot Operating System

Configuration 1 [-]

cpe:2.3:o:openrobotics:robot_operating_system:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/ros/actionlib/pull/171

History

No history.

MITRE

Status: PUBLISHED

Assigner: Alias

Published: 2020-08-20T08:05:14.408034Z

Updated: 2024-09-16T21:57:52.714Z

Reserved: 2020-03-10T00:00:00

Link: CVE-2020-10289

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2020-08-20T08:15:10.357

Modified: 2021-12-20T22:30:26.970

Link: CVE-2020-10289

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "ros", "vendor": "Open Robotics", "versions": [{"status": "affected", "version": "ROS Melodic Morenia and prior distros"}]}], "credits": [{"lang": "en", "value": "Alias Robotics"}], "datePublic": "2020-08-20T00:00:00", "descriptions": [{"lang": "en", "value": "Use of unsafe yaml load. Allows instantiation of arbitrary objects. The flaw itself is caused by an unsafe parsing of YAML values which happens whenever an action message is processed to be sent, and allows for the creation of Python objects. Through this flaw in the ROS core package of actionlib, an attacker with local or remote access can make the ROS Master, execute arbitrary code in Python form. Consider yaml.safe_load() instead. Located first in actionlib/tools/library.py:132. See links for more info on the bug."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "CWE-20", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-08-31T15:07:50", "orgId": "dc524f69-879d-41dc-ab8f-724e78658a1a", "shortName": "Alias"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/ros/actionlib/pull/171"}], "source": {"defect": ["RVD#2401"], "discovery": "EXTERNAL"}, "title": "RVD#2401: Use of unsafe yaml load, ./src/actionlib/tools/library.py:132", "x_generator": {"engine": "Robot Vulnerability Database (RVD)"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@aliasrobotics.com", "DATE_PUBLIC": "2020-08-20T08:00:46 +00:00", "ID": "CVE-2020-10289", "STATE": "PUBLIC", "TITLE": "RVD#2401: Use of unsafe yaml load, ./src/actionlib/tools/library.py:132"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "ros", "version": {"version_data": [{"version_value": "ROS Melodic Morenia and prior distros"}]}}]}, "vendor_name": "Open Robotics"}]}}, "credit": [{"lang": "eng", "value": "Alias Robotics"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Use of unsafe yaml load. Allows instantiation of arbitrary objects. The flaw itself is caused by an unsafe parsing of YAML values which happens whenever an action message is processed to be sent, and allows for the creation of Python objects. Through this flaw in the ROS core package of actionlib, an attacker with local or remote access can make the ROS Master, execute arbitrary code in Python form. Consider yaml.safe_load() instead. Located first in actionlib/tools/library.py:132. See links for more info on the bug."}]}, "generator": {"engine": "Robot Vulnerability Database (RVD)"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8, "baseSeverity": "high", "confidentialityImpact": "LOW", "integrityImpact": "REQUIRED", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-20"}]}]}, "references": {"reference_data": [{"name": "https://github.com/ros/actionlib/pull/171", "refsource": "CONFIRM", "url": "https://github.com/ros/actionlib/pull/171"}]}, "source": {"defect": ["RVD#2401"], "discovery": "EXTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T10:58:40.194Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/ros/actionlib/pull/171"}]}]}, "cveMetadata": {"assignerOrgId": "dc524f69-879d-41dc-ab8f-724e78658a1a", "assignerShortName": "Alias", "cveId": "CVE-2020-10289", "datePublished": "2020-08-20T08:05:14.408034Z", "dateReserved": "2020-03-10T00:00:00", "dateUpdated": "2024-09-16T21:57:52.714Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:openrobotics:robot_operating_system:-:*:*:*:*:*:*:*", "matchCriteriaId": "BFEE12D7-4A38-466E-B8E0-D0FADBC00CE4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Use of unsafe yaml load. Allows instantiation of arbitrary objects. The flaw itself is caused by an unsafe parsing of YAML values which happens whenever an action message is processed to be sent, and allows for the creation of Python objects. Through this flaw in the ROS core package of actionlib, an attacker with local or remote access can make the ROS Master, execute arbitrary code in Python form. Consider yaml.safe_load() instead. Located first in actionlib/tools/library.py:132. See links for more info on the bug."}, {"lang": "es", "value": "El uso de una carga de yaml no segura. Permite la creaci\u00f3n de instancias de objetos arbitrarios. El fallo en s\u00ed es causado por un an\u00e1lisis no seguro de los valores YAML que ocurre cada vez que un mensaje de acci\u00f3n es procesado para ser enviado y permite la creaci\u00f3n de objetos de Python. A trav\u00e9s de este fallo en el paquete central ROS de actionlib, un atacante con acceso local o remoto puede hacer que ROS Master, ejecute c\u00f3digo arbitrario en un formulario de Python. Considere en su lugar la funci\u00f3n yaml.safe_load(). Ubicada primero en la biblioteca actionlib/tools/library.py:132. Consulte los enlaces para m\u00e1s informaci\u00f3n sobre el error."}], "id": "CVE-2020-10289", "lastModified": "2021-12-20T22:30:26.970", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.1, "impactScore": 5.9, "source": "cve@aliasrobotics.com", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-08-20T08:15:10.357", "references": [{"source": "cve@aliasrobotics.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/ros/actionlib/pull/171"}], "sourceIdentifier": "cve@aliasrobotics.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-502"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-20"}], "source": "cve@aliasrobotics.com", "type": "Secondary"}]}