CVE-2024-31226 - OpenCVE

Link	Providers
https://github.com/LizardByte/Sunshine/commit/93e622342c4f3e9b34f5f265039b6775b8e33a7a
https://github.com/LizardByte/Sunshine/pull/2379
https://github.com/LizardByte/Sunshine/security/advisories/GHSA-r3rw-mx4q-7vfp

Type	Values Removed	Values Added
CPEs	cpe:2.3:a:lizardbyte:sunshine::::::::
Vendors & Products	Lizardbyte Lizardbyte sunshine
Metrics	ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-31226", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2024-03-29T14:16:31.902Z", "datePublished": "2024-05-16T18:12:57.081Z", "dateUpdated": "2024-08-15T14:28:39.036Z"}, "containers": {"cna": {"title": "Sunshine's unquoted executable path could lead to hijacked execution flow", "problemTypes": [{"descriptions": [{"cweId": "CWE-428", "lang": "en", "description": "CWE-428: Unquoted Search Path or Element", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:P/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/LizardByte/Sunshine/security/advisories/GHSA-r3rw-mx4q-7vfp", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/LizardByte/Sunshine/security/advisories/GHSA-r3rw-mx4q-7vfp"}, {"name": "https://github.com/LizardByte/Sunshine/pull/2379", "tags": ["x_refsource_MISC"], "url": "https://github.com/LizardByte/Sunshine/pull/2379"}, {"name": "https://github.com/LizardByte/Sunshine/commit/93e622342c4f3e9b34f5f265039b6775b8e33a7a", "tags": ["x_refsource_MISC"], "url": "https://github.com/LizardByte/Sunshine/commit/93e622342c4f3e9b34f5f265039b6775b8e33a7a"}], "affected": [{"vendor": "LizardByte", "product": "Sunshine", "versions": [{"version": ">= 0.17.0, < 0.23.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-05-16T18:12:57.081Z"}, "descriptions": [{"lang": "en", "value": "Sunshine is a self-hosted game stream host for Moonlight. Users who ran Sunshine versions 0.17.0 through 0.22.2 as a service on Windows may be impacted when terminating the service if an attacked placed a file named `C:\\Program.exe`, `C:\\Program.bat`, or `C:\\Program.cmd` on the user's computer. This attack vector isn't exploitable unless the user has manually loosened ACLs on the system drive. If the user's system locale is not English, then the name of the executable will likely vary. Version 0.23.0 contains a patch for the issue. Some workarounds are available. One may identify and block potentially malicious software executed path interception by using application control tools, like Windows Defender Application Control, AppLocker, or Software Restriction Policies where appropriate. Alternatively, ensure that proper permissions and directory access control are set to deny users the ability to write files to the top-level directory `C:`. Require that all executables be placed in write-protected directories."}], "source": {"advisory": "GHSA-r3rw-mx4q-7vfp", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T01:46:04.972Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/LizardByte/Sunshine/security/advisories/GHSA-r3rw-mx4q-7vfp", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/LizardByte/Sunshine/security/advisories/GHSA-r3rw-mx4q-7vfp"}, {"name": "https://github.com/LizardByte/Sunshine/pull/2379", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/LizardByte/Sunshine/pull/2379"}, {"name": "https://github.com/LizardByte/Sunshine/commit/93e622342c4f3e9b34f5f265039b6775b8e33a7a", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/LizardByte/Sunshine/commit/93e622342c4f3e9b34f5f265039b6775b8e33a7a"}]}, {"affected": [{"vendor": "lizardbyte", "product": "sunshine", "cpes": ["cpe:2.3:a:lizardbyte:sunshine:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0.17", "status": "affected", "lessThan": "0.23", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-05-23T20:37:55.439986Z", "id": "CVE-2024-31226", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-15T14:28:39.036Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/LizardByte/Sunshine/security/advisories/GHSA-r3rw-mx4q-7vfp", "name": "https://github.com/LizardByte/Sunshine/security/advisories/GHSA-r3rw-mx4q-7vfp", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://github.com/LizardByte/Sunshine/pull/2379", "name": "https://github.com/LizardByte/Sunshine/pull/2379", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://github.com/LizardByte/Sunshine/commit/93e622342c4f3e9b34f5f265039b6775b8e33a7a", "name": "https://github.com/LizardByte/Sunshine/commit/93e622342c4f3e9b34f5f265039b6775b8e33a7a", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T01:46:04.972Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-31226", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-05-23T20:37:55.439986Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:lizardbyte:sunshine:*:*:*:*:*:*:*:*"], "vendor": "lizardbyte", "product": "sunshine", "versions": [{"status": "affected", "version": "0.17", "lessThan": "0.23", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-23T20:37:48.852Z"}}], "cna": {"title": "Sunshine's unquoted executable path could lead to hijacked execution flow", "source": {"advisory": "GHSA-r3rw-mx4q-7vfp", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.9, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:H", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}}], "affected": [{"vendor": "LizardByte", "product": "Sunshine", "versions": [{"status": "affected", "version": ">= 0.17.0, < 0.23.0"}]}], "references": [{"url": "https://github.com/LizardByte/Sunshine/security/advisories/GHSA-r3rw-mx4q-7vfp", "name": "https://github.com/LizardByte/Sunshine/security/advisories/GHSA-r3rw-mx4q-7vfp", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/LizardByte/Sunshine/pull/2379", "name": "https://github.com/LizardByte/Sunshine/pull/2379", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/LizardByte/Sunshine/commit/93e622342c4f3e9b34f5f265039b6775b8e33a7a", "name": "https://github.com/LizardByte/Sunshine/commit/93e622342c4f3e9b34f5f265039b6775b8e33a7a", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Sunshine is a self-hosted game stream host for Moonlight. Users who ran Sunshine versions 0.17.0 through 0.22.2 as a service on Windows may be impacted when terminating the service if an attacked placed a file named `C:\\Program.exe`, `C:\\Program.bat`, or `C:\\Program.cmd` on the user's computer. This attack vector isn't exploitable unless the user has manually loosened ACLs on the system drive. If the user's system locale is not English, then the name of the executable will likely vary. Version 0.23.0 contains a patch for the issue. Some workarounds are available. One may identify and block potentially malicious software executed path interception by using application control tools, like Windows Defender Application Control, AppLocker, or Software Restriction Policies where appropriate. Alternatively, ensure that proper permissions and directory access control are set to deny users the ability to write files to the top-level directory `C:`. Require that all executables be placed in write-protected directories."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-428", "description": "CWE-428: Unquoted Search Path or Element"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-05-16T18:12:57.081Z"}}}, "cveMetadata": {"cveId": "CVE-2024-31226", "state": "PUBLISHED", "dateUpdated": "2024-08-15T14:28:39.036Z", "dateReserved": "2024-03-29T14:16:31.902Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2024-05-16T18:12:57.081Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Sunshine is a self-hosted game stream host for Moonlight. Users who ran Sunshine versions 0.17.0 through 0.22.2 as a service on Windows may be impacted when terminating the service if an attacked placed a file named `C:\\Program.exe`, `C:\\Program.bat`, or `C:\\Program.cmd` on the user's computer. This attack vector isn't exploitable unless the user has manually loosened ACLs on the system drive. If the user's system locale is not English, then the name of the executable will likely vary. Version 0.23.0 contains a patch for the issue. Some workarounds are available. One may identify and block potentially malicious software executed path interception by using application control tools, like Windows Defender Application Control, AppLocker, or Software Restriction Policies where appropriate. Alternatively, ensure that proper permissions and directory access control are set to deny users the ability to write files to the top-level directory `C:`. Require that all executables be placed in write-protected directories."}, {"lang": "es", "value": "Sunshine es un anfitri\u00f3n de transmisi\u00f3n de juegos autohospedado para Moonlight. Los usuarios que ejecutaron las versiones de Sunshine 0.17.0 a 0.22.2 como servicio en Windows pueden verse afectados al finalizar el servicio si un ataque coloc\u00f3 un archivo llamado `C:\\Program.exe`, `C:\\Program.bat` o `C:\\Program.cmd` en la computadora del usuario. Este vector de ataque no es explotable a menos que el usuario haya aflojado manualmente las ACL en la unidad del sistema. Si la configuraci\u00f3n regional del sistema del usuario no es ingl\u00e9s, es probable que el nombre del ejecutable var\u00ede. La versi\u00f3n 0.23.0 contiene un parche para el problema. Algunas soluciones est\u00e1n disponibles. Se pueden identificar y bloquear la intercepci\u00f3n de rutas ejecutadas de software potencialmente malicioso mediante el uso de herramientas de control de aplicaciones, como el control de aplicaciones de Windows Defender, AppLocker o las pol\u00edticas de restricci\u00f3n de software, cuando corresponda. Alternativamente, aseg\u00farese de que los permisos y el control de acceso al directorio adecuados est\u00e9n configurados para negar a los usuarios la capacidad de escribir archivos en el directorio de nivel superior `C:`. Requiere que todos los ejecutables se coloquen en directorios protegidos contra escritura."}], "id": "CVE-2024-31226", "lastModified": "2024-05-17T18:36:31.297", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:P/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:H", "version": "3.1"}, "exploitabilityScore": 0.1, "impactScore": 4.7, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2024-05-16T19:15:49.560", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/LizardByte/Sunshine/commit/93e622342c4f3e9b34f5f265039b6775b8e33a7a"}, {"source": "security-advisories@github.com", "url": "https://github.com/LizardByte/Sunshine/pull/2379"}, {"source": "security-advisories@github.com", "url": "https://github.com/LizardByte/Sunshine/security/advisories/GHSA-r3rw-mx4q-7vfp"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-428"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

Metrics

Attack Vector Physical

Attack Complexity High

Privileges Required High

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact High

User Interaction Required

Affected Vendors & Products

Metrics

Attack Vector Physical

Attack Complexity High

Privileges Required High

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact High

User Interaction Required

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object