CVE-2020-15224 - OpenCVE

Vendors	Products
Openenclave	Openenclave

Link	Providers
https://github.com/openenclave/openenclave/blob/master/CHANGELOG.md#v0120
https://github.com/openenclave/openenclave/commit/bcac8e7acb514429fee9e0b5d0c7a0308fd4d76b
https://github.com/openenclave/openenclave/security/advisories/GHSA-525h-wxcc-f66m

{"containers": {"cna": {"affected": [{"product": "openenclave", "vendor": "openenclave", "versions": [{"status": "affected", "version": "< 0.12.0"}]}], "descriptions": [{"lang": "en", "value": "In Open Enclave before version 0.12.0, an information disclosure vulnerability exists when an enclave application using the syscalls provided by the sockets.edl is loaded by a malicious host application. An attacker who successfully exploited the vulnerability could read privileged data from the enclave heap across trust boundaries. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an attacker to elevate user rights directly, but it could be used to obtain information otherwise considered confidential in an enclave, which could be used in further compromises. The issue has been addressed in version 0.12.0 and the current master branch. Users will need to to recompile their applications against the patched libraries to be protected from this vulnerability."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-552", "description": "CWE-552 Files or Directories Accessible to External Parties", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-10-14T18:35:16", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/openenclave/openenclave/security/advisories/GHSA-525h-wxcc-f66m"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/openenclave/openenclave/blob/master/CHANGELOG.md#v0120"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/openenclave/openenclave/commit/bcac8e7acb514429fee9e0b5d0c7a0308fd4d76b"}], "source": {"advisory": "GHSA-525h-wxcc-f66m", "discovery": "UNKNOWN"}, "title": "Socket syscalls can leak enclave memory contents in Open Enclave", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security-advisories@github.com", "ID": "CVE-2020-15224", "STATE": "PUBLIC", "TITLE": "Socket syscalls can leak enclave memory contents in Open Enclave"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "openenclave", "version": {"version_data": [{"version_value": "< 0.12.0"}]}}]}, "vendor_name": "openenclave"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In Open Enclave before version 0.12.0, an information disclosure vulnerability exists when an enclave application using the syscalls provided by the sockets.edl is loaded by a malicious host application. An attacker who successfully exploited the vulnerability could read privileged data from the enclave heap across trust boundaries. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an attacker to elevate user rights directly, but it could be used to obtain information otherwise considered confidential in an enclave, which could be used in further compromises. The issue has been addressed in version 0.12.0 and the current master branch. Users will need to to recompile their applications against the patched libraries to be protected from this vulnerability."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-552 Files or Directories Accessible to External Parties"}]}]}, "references": {"reference_data": [{"name": "https://github.com/openenclave/openenclave/security/advisories/GHSA-525h-wxcc-f66m", "refsource": "CONFIRM", "url": "https://github.com/openenclave/openenclave/security/advisories/GHSA-525h-wxcc-f66m"}, {"name": "https://github.com/openenclave/openenclave/blob/master/CHANGELOG.md#v0120", "refsource": "MISC", "url": "https://github.com/openenclave/openenclave/blob/master/CHANGELOG.md#v0120"}, {"name": "https://github.com/openenclave/openenclave/commit/bcac8e7acb514429fee9e0b5d0c7a0308fd4d76b", "refsource": "MISC", "url": "https://github.com/openenclave/openenclave/commit/bcac8e7acb514429fee9e0b5d0c7a0308fd4d76b"}]}, "source": {"advisory": "GHSA-525h-wxcc-f66m", "discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T13:08:22.881Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/openenclave/openenclave/security/advisories/GHSA-525h-wxcc-f66m"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/openenclave/openenclave/blob/master/CHANGELOG.md#v0120"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/openenclave/openenclave/commit/bcac8e7acb514429fee9e0b5d0c7a0308fd4d76b"}]}]}, "cveMetadata": {"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2020-15224", "datePublished": "2020-10-14T18:35:17", "dateReserved": "2020-06-25T00:00:00", "dateUpdated": "2024-08-04T13:08:22.881Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:openenclave:openenclave:*:*:*:*:*:*:*:*", "matchCriteriaId": "99DFEB28-6E1E-4073-9AFF-F09D44D22F7E", "versionEndExcluding": "0.12.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In Open Enclave before version 0.12.0, an information disclosure vulnerability exists when an enclave application using the syscalls provided by the sockets.edl is loaded by a malicious host application. An attacker who successfully exploited the vulnerability could read privileged data from the enclave heap across trust boundaries. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an attacker to elevate user rights directly, but it could be used to obtain information otherwise considered confidential in an enclave, which could be used in further compromises. The issue has been addressed in version 0.12.0 and the current master branch. Users will need to to recompile their applications against the patched libraries to be protected from this vulnerability."}, {"lang": "es", "value": "En Open Enclave versiones anteriores a 0.12.0, se presenta una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n cuando una aplicaci\u00f3n enclave que usa las llamadas al sistema proporcionadas por el archivo sockets.edl es cargada por una aplicaci\u00f3n de host maliciosa. Un atacante que explote con \u00e9xito la vulnerabilidad podr\u00eda leer datos privilegiados de la pila de enclave a trav\u00e9s de l\u00edmites confiables. Para explotar esta vulnerabilidad, un atacante tendr\u00eda que iniciar sesi\u00f3n en un sistema afectado y ejecutar una aplicaci\u00f3n especialmente dise\u00f1ada. La vulnerabilidad no permitir\u00eda a un atacante elevar los derechos de usuarios directamente, pero podr\u00eda ser usada para obtener informaci\u00f3n que de otro modo se considerar\u00eda confidencial en un enclave, que podr\u00eda usarse en compromisos adicionales. El problema ha sido abordado en la versi\u00f3n 0.12.0 y en la rama maestra actual. Los usuarios deber\u00e1n volver a compilar sus aplicaciones con las bibliotecas parcheadas para estar protegidos de esta vulnerabilidad"}], "id": "CVE-2020-15224", "lastModified": "2021-11-18T17:00:11.477", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 2.7, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:A/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 5.1, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 4.0, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 4.0, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2020-10-14T19:15:13.633", "references": [{"source": "security-advisories@github.com", "tags": ["Release Notes", "Third Party Advisory"], "url": "https://github.com/openenclave/openenclave/blob/master/CHANGELOG.md#v0120"}, {"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/openenclave/openenclave/commit/bcac8e7acb514429fee9e0b5d0c7a0308fd4d76b"}, {"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://github.com/openenclave/openenclave/security/advisories/GHSA-525h-wxcc-f66m"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-552"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

Metrics

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Adjacent Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

Metrics

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Adjacent Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object