{"containers": {"cna": {"affected": [{"product": "civetweb", "vendor": "civetweb_project", "versions": [{"lessThan": "unspecified", "status": "unaffected", "version": "1.15", "versionType": "custom"}, {"lessThan": "unspecified", "status": "affected", "version": "1.8", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "The CivetWeb web library does not validate uploaded filepaths when running on an OS other than Windows, when using the built-in HTTP form-based file upload mechanism, via the mg_handle_form_request API. Web applications that use the file upload form handler, and use parts of the user-controlled filename in the output path, are susceptible to directory traversal"}], "problemTypes": [{"descriptions": [{"cweId": "CWE-23", "description": "CWE-23", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-06-14T10:06:41", "orgId": "6b4ace4a-d6e0-415b-9ce8-aa20e97e4b24", "shortName": "VDOO"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://jfrog.com/blog/cve-2020-27304-rce-via-directory-traversal-in-civetweb-http-server/"}, {"tags": ["x_refsource_MISC"], "url": "https://groups.google.com/g/civetweb/c/yPBxNXdGgJQ"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "vuln@vdoo.com", "ID": "CVE-2020-27304", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "civetweb", "version": {"version_data": [{"version_affected": "!>=", "version_value": "1.15"}, {"version_affected": ">=", "version_value": "1.8"}]}}]}, "vendor_name": "civetweb_project"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The CivetWeb web library does not validate uploaded filepaths when running on an OS other than Windows, when using the built-in HTTP form-based file upload mechanism, via the mg_handle_form_request API. Web applications that use the file upload form handler, and use parts of the user-controlled filename in the output path, are susceptible to directory traversal"}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-23"}]}]}, "references": {"reference_data": [{"name": "https://jfrog.com/blog/cve-2020-27304-rce-via-directory-traversal-in-civetweb-http-server/", "refsource": "MISC", "url": "https://jfrog.com/blog/cve-2020-27304-rce-via-directory-traversal-in-civetweb-http-server/"}, {"name": "https://groups.google.com/g/civetweb/c/yPBxNXdGgJQ", "refsource": "MISC", "url": "https://groups.google.com/g/civetweb/c/yPBxNXdGgJQ"}, {"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf", "refsource": "CONFIRM", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"}, {"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf", "refsource": "CONFIRM", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T16:11:36.691Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://jfrog.com/blog/cve-2020-27304-rce-via-directory-traversal-in-civetweb-http-server/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://groups.google.com/g/civetweb/c/yPBxNXdGgJQ"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf"}]}]}, "cveMetadata": {"assignerOrgId": "6b4ace4a-d6e0-415b-9ce8-aa20e97e4b24", "assignerShortName": "VDOO", "cveId": "CVE-2020-27304", "datePublished": "2021-10-21T15:42:23", "dateReserved": "2020-10-19T00:00:00", "dateUpdated": "2024-08-04T16:11:36.691Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:civetweb_project:civetweb:*:*:*:*:*:*:*:*", "matchCriteriaId": "86B4245C-5C12-424B-A771-E04CE3516108", "versionEndExcluding": "1.15", "versionStartIncluding": "1.8", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:siemens:sinec_infrastructure_network_services:*:*:*:*:*:*:*:*", "matchCriteriaId": "B0F46497-4AB0-49A7-9453-CC26837BF253", "versionEndExcluding": "1.0.1.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The CivetWeb web library does not validate uploaded filepaths when running on an OS other than Windows, when using the built-in HTTP form-based file upload mechanism, via the mg_handle_form_request API. Web applications that use the file upload form handler, and use parts of the user-controlled filename in the output path, are susceptible to directory traversal"}, {"lang": "es", "value": "La biblioteca web CivetWeb no comprueba las rutas de los archivos cargados cuando se ejecuta en un sistema operativo distinto de Windows, cuando es usado el mecanismo incorporado de carga de archivos basado en formularios HTTP, por medio de la API mg_handle_form_request. Las aplicaciones web que usan el manejador de formularios de carga de archivos, y usan partes del nombre de archivo controlado por el usuario en la ruta de salida, son susceptibles a un salto de directorio"}], "id": "CVE-2020-27304", "lastModified": "2024-11-21T05:21:01.317", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-10-21T16:15:07.737", "references": [{"source": "vuln@vdoo.com", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf"}, {"source": "vuln@vdoo.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"}, {"source": "vuln@vdoo.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://groups.google.com/g/civetweb/c/yPBxNXdGgJQ"}, {"source": "vuln@vdoo.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://jfrog.com/blog/cve-2020-27304-rce-via-directory-traversal-in-civetweb-http-server/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://groups.google.com/g/civetweb/c/yPBxNXdGgJQ"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://jfrog.com/blog/cve-2020-27304-rce-via-directory-traversal-in-civetweb-http-server/"}], "sourceIdentifier": "vuln@vdoo.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-23"}], "source": "vuln@vdoo.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2021:4902", "cpe": "cpe:/a:redhat:advanced_cluster_security:3.67::el8", "impact": "low", "package": "advanced-cluster-security/rhacs-rhel8-operator:3.67.0-3", "product_name": "RHACS-3.67-RHEL-8", "release_date": "2021-12-01T00:00:00Z"}], "bugzilla": {"description": "civetweb: directory traversal when using the built-in example HTTP form-based file upload mechanism via the mg_handle_form_request API", "id": "2016640", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2016640"}, "csaw": false, "cvss3": {"cvss3_base_score": "9.8", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-22", "details": ["The CivetWeb web library does not validate uploaded filepaths when running on an OS other than Windows, when using the built-in HTTP form-based file upload mechanism, via the mg_handle_form_request API. Web applications that use the file upload form handler, and use parts of the user-controlled filename in the output path, are susceptible to directory traversal", "A remote code execution vulnerability was found in CivetWeb (embeddable web server/library). Due to a directory traversal issue, an attacker is able to add or overwrite files that are subsequently executed which lead to impact to confidentiality, integrity, and availability of the application."], "name": "CVE-2020-27304", "package_state": [{"cpe": "cpe:/a:redhat:ceph_storage:2", "fix_state": "Will not fix", "package_name": "ceph", "product_name": "Red Hat Ceph Storage 2"}, {"cpe": "cpe:/a:redhat:ceph_storage:3", "fix_state": "Will not fix", "package_name": "ceph", "product_name": "Red Hat Ceph Storage 3"}], "public_date": "2021-10-18T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2020-27304\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-27304\nhttps://groups.google.com/g/civetweb/c/yPBxNXdGgJQ\nhttps://jfrog.com/blog/cve-2020-27304-rce-via-directory-traversal-in-civetweb-http-server/"], "statement": "This issue only impacts CivetWeb-based web applications that use the built-in file upload form handler (full working example in the \u201cembedded_c\u201d example in the CivetWeb sources).\nRed Hat Advanced Cluster Security includes code from CivetWeb in the Collector component, however it does not use the file upload form handler, hence is not impacted by this vulnerability. This vulnerability is rated Low for Red Hat Advanced Cluster Security.", "threat_severity": "Important", "upstream_fix": "CivetWeb 1.15"}