{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-44748", "assignerOrgId": "296541fb-a0e3-4ca7-ab3d-683e666d143e", "state": "PUBLISHED", "assignerShortName": "KNIME", "requesterUserId": "520cc88b-a1c8-44f6-9154-21a4d74c769f", "dateReserved": "2022-11-04T18:16:26.275Z", "datePublished": "2022-11-24T06:36:23.587Z", "dateUpdated": "2024-08-03T14:01:31.162Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "KNIME Server", "vendor": "KNIME", "versions": [{"lessThan": "4.15.3", "status": "affected", "version": "4.15.0", "versionType": "semver"}, {"lessThan": "4.14.3", "status": "affected", "version": "4.14.0", "versionType": "semver"}, {"lessThan": "4.13.6", "status": "affected", "version": "4.3.0", "versionType": "semver"}]}], "datePublic": "2022-11-24T09:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<div>A directory traversal vulnerability in the ZIP archive extraction routines of KNIME Server since 4.3.0 can result in arbitrary files being overwritten on the server's file system. This vulnerability is also known as 'Zip-Slip'.<br></div><div><br></div><div>An attacker can create a KNIME workflow that, when being uploaded, can overwrite arbitrary files that the operating system user running the KNIME Server process has write access to. The user must be authenticated and have permissions to upload files to KNIME Server.<br></div><div>This can impact data integrity (file contents are changed) or cause errors in other software (vital files being corrupted). It can even lead to remote code execution if executable files are being replaced and subsequently executed by the KNIME Server process user. In all cases the attacker has to know the location of files on the server's file system, though.</div><div>Note that users that have permissions to upload workflows usually also have permissions to run them on the KNIME Server and can therefore already execute arbitrary code in the context of the KNIME Executor's operating system user.</div><div>There is no workaround to prevent this vulnerability from being exploited. Updates to fixed versions 4.13.6, 4.14.3, or 4.15.3 are advised.<br></div>"}], "value": "A directory traversal vulnerability in the ZIP archive extraction routines of KNIME Server since 4.3.0 can result in arbitrary files being overwritten on the server's file system. This vulnerability is also known as 'Zip-Slip'.\n\n\n\n\n\nAn attacker can create a KNIME workflow that, when being uploaded, can overwrite arbitrary files that the operating system user running the KNIME Server process has write access to. The user must be authenticated and have permissions to upload files to KNIME Server.\n\n\nThis can impact data integrity (file contents are changed) or cause errors in other software (vital files being corrupted). It can even lead to remote code execution if executable files are being replaced and subsequently executed by the KNIME Server process user. In all cases the attacker has to know the location of files on the server's file system, though.\n\nNote that users that have permissions to upload workflows usually also have permissions to run them on the KNIME Server and can therefore already execute arbitrary code in the context of the KNIME Executor's operating system user.\n\nThere is no workaround to prevent this vulnerability from being exploited. Updates to fixed versions 4.13.6, 4.14.3, or 4.15.3 are advised.\n\n\n"}], "impacts": [{"capecId": "CAPEC-165", "descriptions": [{"lang": "en", "value": "CAPEC-165 File Manipulation"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "296541fb-a0e3-4ca7-ab3d-683e666d143e", "shortName": "KNIME", "dateUpdated": "2022-11-24T06:36:23.587Z"}, "references": [{"url": "https://www.knime.com/security/advisories"}], "source": {"discovery": "INTERNAL"}, "title": "Uploading workflows to KNIME Server may override arbitrary file system contents", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T14:01:31.162Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.knime.com/security/advisories", "tags": ["x_transferred"]}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:knime:knime_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "494D779C-C6DB-46F9-9A52-932BD303F938", "versionEndExcluding": "4.13.6", "versionStartIncluding": "4.3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:knime:knime_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "0CD9DC54-5478-4D9C-987F-62BCD2E9D6B8", "versionEndExcluding": "4.14.3", "versionStartIncluding": "4.14.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:knime:knime_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "A57784CC-3757-4509-9491-037B3947784D", "versionEndExcluding": "4.15.3", "versionStartIncluding": "4.15.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A directory traversal vulnerability in the ZIP archive extraction routines of KNIME Server since 4.3.0 can result in arbitrary files being overwritten on the server's file system. This vulnerability is also known as 'Zip-Slip'.\n\n\n\n\n\nAn attacker can create a KNIME workflow that, when being uploaded, can overwrite arbitrary files that the operating system user running the KNIME Server process has write access to. The user must be authenticated and have permissions to upload files to KNIME Server.\n\n\nThis can impact data integrity (file contents are changed) or cause errors in other software (vital files being corrupted). It can even lead to remote code execution if executable files are being replaced and subsequently executed by the KNIME Server process user. In all cases the attacker has to know the location of files on the server's file system, though.\n\nNote that users that have permissions to upload workflows usually also have permissions to run them on the KNIME Server and can therefore already execute arbitrary code in the context of the KNIME Executor's operating system user.\n\nThere is no workaround to prevent this vulnerability from being exploited. Updates to fixed versions 4.13.6, 4.14.3, or 4.15.3 are advised.\n\n\n"}, {"lang": "es", "value": "Una vulnerabilidad de directory traversal en las rutinas de extracci\u00f3n de archivos ZIP de KNIME Server desde 4.3.0 puede provocar la sobrescritura de archivos arbitrarios en el sistema de archivos del servidor. Esta vulnerabilidad tambi\u00e9n se conoce como 'Zip-slip'. Un atacante puede crear un flujo de trabajo KNIME que, cuando se carga, puede sobrescribir archivos arbitrarios a los que el usuario del sistema operativo que ejecuta el proceso del servidor KNIME tiene acceso de escritura. El usuario debe estar autenticado y tener permisos para cargar archivos al servidor KNIME. Esto puede afectar la integridad de los datos (se modifica el contenido de los archivos) o provocar errores en otro software (se da\u00f1an archivos vitales). Incluso puede conducir a la ejecuci\u00f3n remota de c\u00f3digo si el usuario del proceso del servidor KNIME reemplaza los archivos ejecutables y posteriormente los ejecuta. Sin embargo, en todos los casos el atacante debe conocer la ubicaci\u00f3n de los archivos en el sistema de archivos del servidor. Tenga en cuenta que los usuarios que tienen permisos para cargar flujos de trabajo generalmente tambi\u00e9n tienen permisos para ejecutarlos en el servidor KNIME y, por lo tanto, ya pueden ejecutar c\u00f3digo arbitrario en el contexto del usuario del sistema operativo del ejecutor KNIME. No existe ninguna soluci\u00f3n alternativa para evitar que se aproveche esta vulnerabilidad. Se recomiendan actualizaciones a las versiones fijas 4.13.6, 4.14.3 o 4.15.3."}], "id": "CVE-2022-44748", "lastModified": "2023-11-07T03:54:26.563", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 4.2, "source": "security@knime.com", "type": "Secondary"}]}, "published": "2022-11-24T07:15:09.973", "references": [{"source": "security@knime.com", "tags": ["Vendor Advisory"], "url": "https://www.knime.com/security/advisories"}], "sourceIdentifier": "security@knime.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-22"}], "source": "security@knime.com", "type": "Secondary"}]}

{}