CVE-2020-15849 - Vulnerability Details - OpenCVE

Re:Desk 2.3 has a blind authenticated SQL injection vulnerability in the SettingsController class, in the actionEmailTemplates() method. A malicious actor with access to an administrative account could abuse this vulnerability to recover sensitive data from the application's database, allowing for authorization bypass and taking over additional accounts by means of modifying password-reset tokens stored in the database. Remote command execution is also possible by leveraging this to abuse the Yii framework's bizRule functionality, allowing for arbitrary PHP code to be executed by the application. Remote command execution is also possible by using this together with a separate insecure file upload vulnerability (CVE-2020-15488).

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Re-desk	Re\

Configuration 1 [-]

cpe:2.3:a:re-desk:re\:desk:2.3:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://labs.f-secure.com/advisories/redesk-v2-3-multiple-issues/
https://www.re-desk.com/download-help-desk-software.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2020-09-30T18:28:20

Updated: 2024-08-04T13:30:22.948Z

Reserved: 2020-07-20T00:00:00

Link: CVE-2020-15849

Vulnrichment

No data.

NVD

Status : Modified

Published: 2020-09-30T19:15:13.180

Modified: 2024-11-21T05:06:18.423

Link: CVE-2020-15849

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Re:Desk 2.3 has a blind authenticated SQL injection vulnerability in the SettingsController class, in the actionEmailTemplates() method. A malicious actor with access to an administrative account could abuse this vulnerability to recover sensitive data from the application's database, allowing for authorization bypass and taking over additional accounts by means of modifying password-reset tokens stored in the database. Remote command execution is also possible by leveraging this to abuse the Yii framework's bizRule functionality, allowing for arbitrary PHP code to be executed by the application. Remote command execution is also possible by using this together with a separate insecure file upload vulnerability (CVE-2020-15488)."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-09-30T18:28:20", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.re-desk.com/download-help-desk-software.html"}, {"tags": ["x_refsource_MISC"], "url": "https://labs.f-secure.com/advisories/redesk-v2-3-multiple-issues/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-15849", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Re:Desk 2.3 has a blind authenticated SQL injection vulnerability in the SettingsController class, in the actionEmailTemplates() method. A malicious actor with access to an administrative account could abuse this vulnerability to recover sensitive data from the application's database, allowing for authorization bypass and taking over additional accounts by means of modifying password-reset tokens stored in the database. Remote command execution is also possible by leveraging this to abuse the Yii framework's bizRule functionality, allowing for arbitrary PHP code to be executed by the application. Remote command execution is also possible by using this together with a separate insecure file upload vulnerability (CVE-2020-15488)."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://www.re-desk.com/download-help-desk-software.html", "refsource": "MISC", "url": "https://www.re-desk.com/download-help-desk-software.html"}, {"name": "https://labs.f-secure.com/advisories/redesk-v2-3-multiple-issues/", "refsource": "MISC", "url": "https://labs.f-secure.com/advisories/redesk-v2-3-multiple-issues/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T13:30:22.948Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.re-desk.com/download-help-desk-software.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://labs.f-secure.com/advisories/redesk-v2-3-multiple-issues/"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-15849", "datePublished": "2020-09-30T18:28:20", "dateReserved": "2020-07-20T00:00:00", "dateUpdated": "2024-08-04T13:30:22.948Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:re-desk:re\\:desk:2.3:*:*:*:*:*:*:*", "matchCriteriaId": "34C4228B-7583-4BC3-A0D1-A5E60AF4E874", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Re:Desk 2.3 has a blind authenticated SQL injection vulnerability in the SettingsController class, in the actionEmailTemplates() method. A malicious actor with access to an administrative account could abuse this vulnerability to recover sensitive data from the application's database, allowing for authorization bypass and taking over additional accounts by means of modifying password-reset tokens stored in the database. Remote command execution is also possible by leveraging this to abuse the Yii framework's bizRule functionality, allowing for arbitrary PHP code to be executed by the application. Remote command execution is also possible by using this together with a separate insecure file upload vulnerability (CVE-2020-15488)."}, {"lang": "es", "value": "Re:Desk versi\u00f3n 2.3, presenta una vulnerabilidad de inyecci\u00f3n SQL autenticada ciega en la clase SettingsController, en el m\u00e9todo actionEmailTemplates(). Un actor malicioso con acceso a una cuenta administrativa podr\u00eda abusar de esta vulnerabilidad para recuperar datos confidenciales de la base de datos de la aplicaci\u00f3n, permitiendo omitir la autorizaci\u00f3n y hacerse cargo de cuentas adicionales mediante la modificaci\u00f3n de tokens de restablecimiento de contrase\u00f1a almacenados en la base de datos. Una ejecuci\u00f3n de comandos remota tambi\u00e9n es posible al aprovechar esto para abusar de la funcionalidad bizRule del framework Yii, permitiendo que un c\u00f3digo PHP arbitrario sea ejecutado por la aplicaci\u00f3n. Una ejecuci\u00f3n de comandos remota tambi\u00e9n es posible al usar esto junto con una vulnerabilidad de carga de archivos no segura separada (CVE-2020-15488)"}], "id": "CVE-2020-15849", "lastModified": "2024-11-21T05:06:18.423", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-09-30T19:15:13.180", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://labs.f-secure.com/advisories/redesk-v2-3-multiple-issues/"}, {"source": "cve@mitre.org", "tags": ["Product", "Vendor Advisory"], "url": "https://www.re-desk.com/download-help-desk-software.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://labs.f-secure.com/advisories/redesk-v2-3-multiple-issues/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Product", "Vendor Advisory"], "url": "https://www.re-desk.com/download-help-desk-software.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "nvd@nist.gov", "type": "Primary"}]}