{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-1485", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "state": "PUBLISHED", "assignerShortName": "redhat", "dateReserved": "2024-02-13T21:47:23.979Z", "datePublished": "2024-02-13T23:31:14.427Z", "dateUpdated": "2024-11-06T14:50:04.605Z"}, "containers": {"cna": {"title": "Registry-support: decompress can delete files outside scope via relative paths", "metrics": [{"other": {"content": {"value": "Important", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:H", "version": "3.1"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "A flaw was found in the decompression function of registry-support. This issue can be triggered if an unauthenticated remote attacker tricks a user into parsing a devfile which uses the `parent` or `plugin` keywords. This could download a malicious archive and cause the cleanup process to overwrite or delete files outside of the archive, which should not be allowed."}], "affected": [{"versions": [{"status": "affected", "version": "1.16.2"}], "packageName": "registry-support", "collectionURL": "https://github.com/devfile/registry-support", "defaultStatus": "unaffected"}, {"vendor": "Red Hat", "product": "OpenShift Developer Tools and Services", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "odo", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:ocp_tools"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "openshift4/ose-console", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openshift:4"]}], "references": [{"url": "https://access.redhat.com/security/cve/CVE-2024-1485", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264106", "name": "RHBZ#2264106", "tags": ["issue-tracking", "x_refsource_REDHAT"]}, {"url": "https://github.com/advisories/GHSA-84xv-jfrm-h4gm"}, {"url": "https://github.com/devfile/registry-support/commit/0e44b9ca6d03fac4fc3f77d37656d56dc5defe0d"}, {"url": "https://github.com/devfile/registry-support/pull/197"}], "datePublic": "2024-02-05T00:00:00+00:00", "problemTypes": [{"descriptions": [{"cweId": "CWE-23", "description": "Relative Path Traversal", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-349->CWE-23: Acceptance of Extraneous Untrusted Data With Trusted Data leads to Relative Path Traversal", "workarounds": [{"lang": "en", "value": "Limit or block the parsing of devfiles from untrusted sources."}], "timeline": [{"lang": "en", "time": "2024-02-13T00:00:00+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2024-02-05T00:00:00+00:00", "value": "Made public."}], "credits": [{"lang": "en", "value": "Red Hat would like to thank Joern Schneeweisz (GitLab Security Research Team) for reporting this issue."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2024-11-06T14:50:04.605Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-1485", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-02-21T20:39:09.253403Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-05T17:21:53.512Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T18:40:21.236Z"}, "title": "CVE Program Container", "references": [{"url": "https://access.redhat.com/security/cve/CVE-2024-1485", "tags": ["vdb-entry", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264106", "name": "RHBZ#2264106", "tags": ["issue-tracking", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://github.com/advisories/GHSA-84xv-jfrm-h4gm", "tags": ["x_transferred"]}, {"url": "https://github.com/devfile/registry-support/commit/0e44b9ca6d03fac4fc3f77d37656d56dc5defe0d", "tags": ["x_transferred"]}, {"url": "https://github.com/devfile/registry-support/pull/197", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://access.redhat.com/security/cve/CVE-2024-1485", "tags": ["vdb-entry", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264106", "name": "RHBZ#2264106", "tags": ["issue-tracking", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://github.com/advisories/GHSA-84xv-jfrm-h4gm", "tags": ["x_transferred"]}, {"url": "https://github.com/devfile/registry-support/commit/0e44b9ca6d03fac4fc3f77d37656d56dc5defe0d", "tags": ["x_transferred"]}, {"url": "https://github.com/devfile/registry-support/pull/197", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T18:40:21.236Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-1485", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-02-21T20:39:09.253403Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-05T15:20:40.490Z"}}], "cna": {"title": "Registry-support: decompress can delete files outside scope via relative paths", "credits": [{"lang": "en", "value": "Red Hat would like to thank Joern Schneeweisz (GitLab Security Research Team) for reporting this issue."}], "metrics": [{"other": {"type": "Red Hat severity rating", "content": {"value": "Important", "namespace": "https://access.redhat.com/security/updates/classification/"}}}, {"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"versions": [{"status": "affected", "version": "1.16.2"}], "packageName": "registry-support", "collectionURL": "https://github.com/devfile/registry-support", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/a:redhat:ocp_tools"], "vendor": "Red Hat", "product": "OpenShift Developer Tools and Services", "packageName": "odo", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openshift:4"], "vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4", "packageName": "openshift4/ose-console", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}], "timeline": [{"lang": "en", "time": "2024-02-13T00:00:00+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2024-02-05T00:00:00+00:00", "value": "Made public."}], "datePublic": "2024-02-05T00:00:00+00:00", "references": [{"url": "https://access.redhat.com/security/cve/CVE-2024-1485", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264106", "name": "RHBZ#2264106", "tags": ["issue-tracking", "x_refsource_REDHAT"]}, {"url": "https://github.com/advisories/GHSA-84xv-jfrm-h4gm"}, {"url": "https://github.com/devfile/registry-support/commit/0e44b9ca6d03fac4fc3f77d37656d56dc5defe0d"}, {"url": "https://github.com/devfile/registry-support/pull/197"}], "workarounds": [{"lang": "en", "value": "Limit or block the parsing of devfiles from untrusted sources."}], "descriptions": [{"lang": "en", "value": "A flaw was found in the decompression function of registry-support. This issue can be triggered if an unauthenticated remote attacker tricks a user into parsing a devfile which uses the `parent` or `plugin` keywords. This could download a malicious archive and cause the cleanup process to overwrite or delete files outside of the archive, which should not be allowed."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-23", "description": "Relative Path Traversal"}]}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2024-11-06T14:50:04.605Z"}, "x_redhatCweChain": "CWE-349->CWE-23: Acceptance of Extraneous Untrusted Data With Trusted Data leads to Relative Path Traversal"}}, "cveMetadata": {"cveId": "CVE-2024-1485", "state": "PUBLISHED", "dateUpdated": "2024-11-06T14:50:04.605Z", "dateReserved": "2024-02-13T21:47:23.979Z", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "datePublished": "2024-02-13T23:31:14.427Z", "assignerShortName": "redhat"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:devfile:registry-support:*:*:*:*:*:*:*:*", "matchCriteriaId": "8FDBF67C-FADA-4C25-9795-E099C8D0DB56", "versionEndExcluding": "0.0.0-20240206", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:openshift:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "5F7E2F04-474D-4196-9CE8-242642990A16", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:openshift_developer_tools_and_services:-:*:*:*:*:*:*:*", "matchCriteriaId": "97321212-0E07-4CC2-A917-7B5F61AB9A5A", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A flaw was found in the decompression function of registry-support. This issue can be triggered if an unauthenticated remote attacker tricks a user into parsing a devfile which uses the `parent` or `plugin` keywords. This could download a malicious archive and cause the cleanup process to overwrite or delete files outside of the archive, which should not be allowed."}, {"lang": "es", "value": "Se encontr\u00f3 una vulnerabilidad en la funci\u00f3n de descompresi\u00f3n del soporte de registro. Este problema puede ser desencadenado por un atacante remoto no autenticado al enga\u00f1ar a un usuario para que abra un archivo .tar especialmente modificado, lo que lleva al proceso de limpieza a seguir rutas relativas para sobrescribir o eliminar archivos fuera del alcance previsto."}], "id": "CVE-2024-1485", "lastModified": "2024-10-21T20:13:56.083", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.3, "baseSeverity": "CRITICAL", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.8, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.0, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 5.8, "source": "secalert@redhat.com", "type": "Secondary"}]}, "published": "2024-02-14T00:15:46.783", "references": [{"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/security/cve/CVE-2024-1485"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264106"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://github.com/advisories/GHSA-84xv-jfrm-h4gm"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "https://github.com/devfile/registry-support/commit/0e44b9ca6d03fac4fc3f77d37656d56dc5defe0d"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "https://github.com/devfile/registry-support/pull/197"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-23"}], "source": "secalert@redhat.com", "type": "Secondary"}]}

{"acknowledgement": "Red Hat would like to thank Joern Schneeweisz (GitLab Security Research Team) for reporting this issue.", "bugzilla": {"description": "registry-support: decompress can delete files outside scope via relative paths", "id": "2264106", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264106"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.0", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:H", "status": "draft"}, "cwe": "CWE-349->CWE-23", "details": ["A flaw was found in the decompression function of registry-support. This issue can be triggered if an unauthenticated remote attacker tricks a user into parsing a devfile which uses the `parent` or `plugin` keywords. This could download a malicious archive and cause the cleanup process to overwrite or delete files outside of the archive, which should not be allowed.", "A flaw was found in the decompression function of registry-support. This issue can be triggered if an unauthenticated remote attacker tricks a user into parsing a devfile which uses the `parent` or `plugin` keywords. This could download a malicious archive and cause the cleanup process to overwrite or delete files outside of the archive, which should not be allowed."], "mitigation": {"lang": "en:us", "value": "Limit or block the parsing of devfiles from untrusted sources."}, "name": "CVE-2024-1485", "package_state": [{"cpe": "cpe:/a:redhat:ocp_tools", "fix_state": "Affected", "package_name": "odo", "product_name": "OpenShift Developer Tools and Services"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "impact": "low", "package_name": "openshift4/ose-console", "product_name": "Red Hat OpenShift Container Platform 4"}], "public_date": "2024-02-05T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-1485\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-1485\nhttps://github.com/advisories/GHSA-84xv-jfrm-h4gm\nhttps://github.com/devfile/registry-support/commit/0e44b9ca6d03fac4fc3f77d37656d56dc5defe0d\nhttps://github.com/devfile/registry-support/pull/197"], "statement": "Red Hat Openshift has a \"Low\" rated impact due to the affected code being shipped, but unused.", "threat_severity": "Important"}