CVE-2023-50164 - OpenCVE

An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution. Users are recommended to upgrade to versions Struts 2.5.33 or Struts 6.3.0.2 or greater to fix this issue.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Apache	Struts

Configuration 1 [-]

OR	cpe:2.3:a:apache:struts::::::::
	cpe:2.3:a:apache:struts::::::::

No data.

References

Link	Providers
http://packetstormsecurity.com/files/176157/Struts-S2-066-File-Upload-Remote-Code-Execution.html
https://lists.apache.org/thread/yh09b3fkf6vz5d6jdgrlvmg60lfwtqhj
https://nvd.nist.gov/vuln/detail/CVE-2023-50164
https://security.netapp.com/advisory/ntap-20231214-0010/
https://www.cve.org/CVERecord?id=CVE-2023-50164
https://www.openwall.com/lists/oss-security/2023/12/07/1

History

No history.

MITRE

Status: PUBLISHED

Assigner: apache

Published: 2023-12-07T08:49:19.853Z

Updated: 2024-08-02T22:09:49.645Z

Reserved: 2023-12-04T08:37:57.468Z

Link: CVE-2023-50164

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2023-12-07T09:15:07.060

Modified: 2023-12-20T17:58:26.917

Link: CVE-2023-50164

Redhat

Severity : Critical

Publid Date: 2023-12-07T00:00:00Z

Links: CVE-2023-50164 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-50164", "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "state": "PUBLISHED", "assignerShortName": "apache", "dateReserved": "2023-12-04T08:37:57.468Z", "datePublished": "2023-12-07T08:49:19.853Z", "dateUpdated": "2024-08-02T22:09:49.645Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://repo.maven.apache.org/maven2", "defaultStatus": "unaffected", "packageName": "org.apache.struts", "product": "Apache Struts", "vendor": "Apache Software Foundation", "versions": [{"lessThanOrEqual": "2.5.32", "status": "affected", "version": "2.0.0", "versionType": "semver"}, {"lessThanOrEqual": "6.3.0.1", "status": "affected", "version": "6.0.0", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "reporter", "value": "Steven Seeley of Source Incite"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution.</span><br>Users are recommended to upgrade to versions <span style=\"background-color: rgb(255, 255, 255);\">Struts 2.5.33 or Struts 6.3.0.2 or greater to</span> fix this issue.<br>"}], "value": "An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution.\nUsers are recommended to upgrade to versions Struts 2.5.33 or Struts 6.3.0.2 or greater to\u00a0fix this issue.\n"}], "metrics": [{"other": {"content": {"text": "critical"}, "type": "Textual description of severity"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-552", "description": "CWE-552 Files or Directories Accessible to External Parties", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache", "dateUpdated": "2023-12-12T09:26:34.588Z"}, "references": [{"tags": ["vendor-advisory", "mailing-list"], "url": "https://lists.apache.org/thread/yh09b3fkf6vz5d6jdgrlvmg60lfwtqhj"}, {"url": "https://www.openwall.com/lists/oss-security/2023/12/07/1"}, {"url": "http://packetstormsecurity.com/files/176157/Struts-S2-066-File-Upload-Remote-Code-Execution.html"}, {"url": "https://security.netapp.com/advisory/ntap-20231214-0010/"}], "source": {"discovery": "EXTERNAL"}, "title": "Apache Struts: File upload component had a directory traversal vulnerability", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T22:09:49.645Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "mailing-list", "x_transferred"], "url": "https://lists.apache.org/thread/yh09b3fkf6vz5d6jdgrlvmg60lfwtqhj"}, {"url": "https://www.openwall.com/lists/oss-security/2023/12/07/1", "tags": ["x_transferred"]}, {"url": "http://packetstormsecurity.com/files/176157/Struts-S2-066-File-Upload-Remote-Code-Execution.html", "tags": ["x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20231214-0010/", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*", "matchCriteriaId": "BE174994-63BE-4A3F-A986-7903868FCE23", "versionEndExcluding": "2.5.33", "versionStartIncluding": "2.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*", "matchCriteriaId": "DBE0443B-320B-4C29-83DC-624546AEE6D5", "versionEndExcluding": "6.3.0.2", "versionStartIncluding": "6.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution.\nUsers are recommended to upgrade to versions Struts 2.5.33 or Struts 6.3.0.2 or greater to\u00a0fix this issue.\n"}, {"lang": "es", "value": "Un atacante puede manipular los par\u00e1metros de carga de archivos para permitir path traversal y, en algunas circunstancias, esto puede provocar la carga de un archivo malicioso que puede usarse para realizar la ejecuci\u00f3n remota de c\u00f3digo. Se recomienda a los usuarios actualizar a las versiones Struts 2.5.33 o Struts 6.3.0.1 o superior para solucionar este problema."}], "id": "CVE-2023-50164", "lastModified": "2023-12-20T17:58:26.917", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-12-07T09:15:07.060", "references": [{"source": "security@apache.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/176157/Struts-S2-066-File-Upload-Remote-Code-Execution.html"}, {"source": "security@apache.org", "tags": ["Mailing List", "Patch"], "url": "https://lists.apache.org/thread/yh09b3fkf6vz5d6jdgrlvmg60lfwtqhj"}, {"source": "security@apache.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://security.netapp.com/advisory/ntap-20231214-0010/"}, {"source": "security@apache.org", "tags": ["Mailing List"], "url": "https://www.openwall.com/lists/oss-security/2023/12/07/1"}], "sourceIdentifier": "security@apache.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-552"}], "source": "security@apache.org", "type": "Primary"}]}

{"bugzilla": {"description": "Struts: File upload component had a directory traversal vulnerability", "id": "2253938", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253938"}, "csaw": false, "cvss3": {"cvss3_base_score": "9.8", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-552", "details": ["An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution.\nUsers are recommended to upgrade to versions Struts 2.5.33 or Struts 6.3.0.2 or greater to\u00a0fix this issue.", "A flaw was found in Apache Struts. Affected versions of this package are vulnerable to Remote Code Execution (RCE) via manipulation of file upload parameters that enable path traversal. Under certain conditions, uploading a malicious file is possible, which may then be executed on the server."], "name": "CVE-2023-50164", "package_state": [{"cpe": "cpe:/a:redhat:a_mq_clients:2", "fix_state": "Not affected", "package_name": "org.apache.struts-struts-core", "product_name": "A-MQ Clients 2"}, {"cpe": "cpe:/a:redhat:migration_toolkit_applications:6", "fix_state": "Not affected", "package_name": "org.apache.struts-struts-core", "product_name": "Migration Toolkit for Applications 6"}, {"cpe": "cpe:/a:redhat:migration_toolkit_runtimes:1", "fix_state": "Not affected", "package_name": "org.apache.struts-struts-core", "product_name": "Migration Toolkit for Runtimes"}, {"cpe": "cpe:/a:redhat:serverless:1", "fix_state": "Not affected", "package_name": "org.apache.struts-struts-core", "product_name": "OpenShift Serverless"}, {"cpe": "cpe:/a:redhat:camel_spring_boot:3", "fix_state": "Not affected", "package_name": "org.apache.struts-struts-core", "product_name": "Red Hat build of Apache Camel for Spring Boot"}, {"cpe": "cpe:/a:redhat:build_keycloak:", "fix_state": "Not affected", "package_name": "org.apache.struts-struts-core", "product_name": "Red Hat Build of Keycloak"}, {"cpe": "cpe:/a:redhat:optaplanner:::el6", "fix_state": "Not affected", "package_name": "org.apache.struts-struts-core", "product_name": "Red Hat build of OptaPlanner 8"}, {"cpe": "cpe:/a:redhat:quarkus:2", "fix_state": "Not affected", "package_name": "org.apache.struts/struts-core", "product_name": "Red Hat build of Quarkus"}, {"cpe": "cpe:/a:redhat:jboss_data_grid:8", "fix_state": "Not affected", "package_name": "org.apache.struts-struts-core", "product_name": "Red Hat Data Grid 8"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_brms_platform:7", "fix_state": "Not affected", "package_name": "org.apache.struts-struts-core", "product_name": "Red Hat Decision Manager 7"}, {"cpe": "cpe:/a:redhat:integration:1", "fix_state": "Not affected", "package_name": "org.apache.struts-struts-core", "product_name": "Red Hat Integration Camel K"}, {"cpe": "cpe:/a:redhat:camel_quarkus:2", "fix_state": "Not affected", "package_name": "org.apache.struts-struts-core", "product_name": "Red Hat Integration Camel Quarkus"}, {"cpe": "cpe:/a:redhat:debezium:2", "fix_state": "Not affected", "package_name": "org.apache.struts-struts-core", "product_name": "Red Hat Integration Change Data Capture"}, {"cpe": "cpe:/a:redhat:amq_broker:7", "fix_state": "Not affected", "package_name": "org.apache.struts-struts-core", "product_name": "Red Hat JBoss A-MQ 7"}, {"cpe": "cpe:/a:redhat:jboss_data_grid:7", "fix_state": "Not affected", "package_name": "org.apache.struts-struts-core", "product_name": "Red Hat JBoss Data Grid 7"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6", "fix_state": "Not affected", "package_name": "org.apache.struts-struts-core", "product_name": "Red Hat JBoss Enterprise Application Platform 6"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6", "fix_state": "Not affected", "package_name": "org.keycloak-keycloak-parent", "product_name": "Red Hat JBoss Enterprise Application Platform 6"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7", "fix_state": "Not affected", "package_name": "org.apache.struts-struts-core", "product_name": "Red Hat JBoss Enterprise Application Platform 7"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8", "fix_state": "Not affected", "package_name": "org.apache.struts-struts-core", "product_name": "Red Hat JBoss Enterprise Application Platform 8"}, {"cpe": "cpe:/a:redhat:jbosseapxp", "fix_state": "Not affected", "package_name": "org.apache.struts-struts-core", "product_name": "Red Hat JBoss Enterprise Application Platform Expansion Pack"}, {"cpe": "cpe:/a:redhat:jboss_fuse:6", "fix_state": "Not affected", "package_name": "org.apache.struts-struts-core", "product_name": "Red Hat JBoss Fuse 6"}, {"cpe": "cpe:/a:redhat:jboss_fuse:6", "fix_state": "Not affected", "package_name": "struts-core", "product_name": "Red Hat JBoss Fuse 6"}, {"cpe": "cpe:/a:redhat:jboss_fuse:7", "fix_state": "Not affected", "package_name": "org.apache.struts-struts-core", "product_name": "Red Hat JBoss Fuse 7"}, {"cpe": "cpe:/a:redhat:jboss_fuse_service_works:6", "fix_state": "Not affected", "package_name": "org.apache.struts-struts-core", "product_name": "Red Hat JBoss Fuse Service Works 6"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:5", "fix_state": "Not affected", "package_name": "org.apache.struts-struts-core", "product_name": "Red Hat JBoss Web Server 5"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_bpms_platform:7", "fix_state": "Not affected", "package_name": "org.apache.struts-struts-core", "product_name": "Red Hat Process Automation 7"}, {"cpe": "cpe:/a:redhat:red_hat_single_sign_on:7", "fix_state": "Not affected", "package_name": "org.apache.struts-struts-core", "product_name": "Red Hat Single Sign-On 7"}, {"cpe": "cpe:/a:redhat:openshift_application_runtimes:1.0", "fix_state": "Not affected", "package_name": "org.apache.struts-struts-core", "product_name": "Red Hat support for Spring Boot"}, {"cpe": "cpe:/a:redhat:amq_streams:1", "fix_state": "Not affected", "package_name": "org.apache.struts-struts-core", "product_name": "streams for Apache Kafka"}], "public_date": "2023-12-07T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-50164\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-50164\nhttps://lists.apache.org/thread/yh09b3fkf6vz5d6jdgrlvmg60lfwtqhj"], "threat_severity": "Critical", "upstream_fix": "Struts 2.5.33, Struts 6.3.0.2"}