CVE-2024-39943 - Vulnerability Details - OpenCVE

Description

rejetto HFS (aka HTTP File Server) 3 before 0.52.10 on Linux, UNIX, and macOS allows OS command execution by remote authenticated users (if they have Upload permissions). This occurs because a shell is used to execute df (i.e., with execSync instead of spawnSync in child_process in Node.js).

Published: 2024-07-04

Score: 9.9 Critical

EPSS: 78.3% High

KEV: No

Impact:

Action:

Analysis

No analysis available yet.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

n/a

n/a

affected

Version	Status	Constraints
`n/a`	affected	—

Configuration 1 [-]

cpe:2.3:a:rejetto:http_file_server:*:*:*:*:*:*:*:*

No data.

No data available yet.

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
Github GHSA	GHSA-5f4x-hwv2-w9w2	rejetto HFS vulnerable to OS Command Execution by remote authenticated users

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.78344.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://github.com/rejetto/hfs/commit/305381bd36eee074fb238b64302a252668daad1d
https://github.com/rejetto/hfs/compare/v0.52.9...v0.52.10
https://www.rejetto.com/wiki/index.php/HFS:_Working_with_uploads

History

No history.

Subscriptions

Rejetto Http File Server

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2024-07-04T00:00:00.000Z

Updated: 2024-08-02T04:33:11.602Z

Reserved: 2024-07-04T00:00:00.000Z

Link: CVE-2024-39943

Vulnrichment

Updated: 2024-08-02T04:33:11.602Z

NVD

Status : Modified

Published: 2024-07-04T23:15:09.940

Modified: 2024-11-21T09:28:37.253

Link: CVE-2024-39943

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2024-39943", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-08-02T04:33:11.602Z", "dateReserved": "2024-07-04T00:00:00.000Z", "datePublished": "2024-07-04T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-07-04T22:39:04.461Z"}, "descriptions": [{"lang": "en", "value": "rejetto HFS (aka HTTP File Server) 3 before 0.52.10 on Linux, UNIX, and macOS allows OS command execution by remote authenticated users (if they have Upload permissions). This occurs because a shell is used to execute df (i.e., with execSync instead of spawnSync in child_process in Node.js)."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://www.rejetto.com/wiki/index.php/HFS:_Working_with_uploads"}, {"url": "https://github.com/rejetto/hfs/commit/305381bd36eee074fb238b64302a252668daad1d"}, {"url": "https://github.com/rejetto/hfs/compare/v0.52.9...v0.52.10"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AC:L/AV:N/A:H/C:H/I:H/PR:L/S:C/UI:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 9.9, "baseSeverity": "CRITICAL"}}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-284", "lang": "en", "description": "CWE-284 Improper Access Control"}]}], "affected": [{"vendor": "rejetto", "product": "http_file_server", "cpes": ["cpe:2.3:a:rejetto:http_file_server:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "0.52.10", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-07-12T03:55:26.030939Z", "id": "CVE-2024-39943", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-12T10:49:16.588Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:33:11.602Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.rejetto.com/wiki/index.php/HFS:_Working_with_uploads", "tags": ["x_transferred"]}, {"url": "https://github.com/rejetto/hfs/commit/305381bd36eee074fb238b64302a252668daad1d", "tags": ["x_transferred"]}, {"url": "https://github.com/rejetto/hfs/compare/v0.52.9...v0.52.10", "tags": ["x_transferred"]}]}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.rejetto.com/wiki/index.php/HFS:_Working_with_uploads", "tags": ["x_transferred"]}, {"url": "https://github.com/rejetto/hfs/commit/305381bd36eee074fb238b64302a252668daad1d", "tags": ["x_transferred"]}, {"url": "https://github.com/rejetto/hfs/compare/v0.52.9...v0.52.10", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:33:11.602Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-39943", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-07-12T03:55:26.030939Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:rejetto:http_file_server:*:*:*:*:*:*:*:*"], "vendor": "rejetto", "product": "http_file_server", "versions": [{"status": "affected", "version": "0", "lessThan": "0.52.10", "versionType": "custom"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-284", "description": "CWE-284 Improper Access Control"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-05T14:50:18.881Z"}}], "cna": {"metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.9, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AC:L/AV:N/A:H/C:H/I:H/PR:L/S:C/UI:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://www.rejetto.com/wiki/index.php/HFS:_Working_with_uploads"}, {"url": "https://github.com/rejetto/hfs/commit/305381bd36eee074fb238b64302a252668daad1d"}, {"url": "https://github.com/rejetto/hfs/compare/v0.52.9...v0.52.10"}], "descriptions": [{"lang": "en", "value": "rejetto HFS (aka HTTP File Server) 3 before 0.52.10 on Linux, UNIX, and macOS allows OS command execution by remote authenticated users (if they have Upload permissions). This occurs because a shell is used to execute df (i.e., with execSync instead of spawnSync in child_process in Node.js)."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-07-04T22:39:04.461769"}}}, "cveMetadata": {"cveId": "CVE-2024-39943", "state": "PUBLISHED", "dateUpdated": "2024-08-02T04:33:11.602Z", "dateReserved": "2024-07-04T00:00:00", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2024-07-04T00:00:00", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:rejetto:http_file_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "349B809F-44A2-4734-B8E1-95E1A17CB734", "versionEndExcluding": "0.52.10", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "rejetto HFS (aka HTTP File Server) 3 before 0.52.10 on Linux, UNIX, and macOS allows OS command execution by remote authenticated users (if they have Upload permissions). This occurs because a shell is used to execute df (i.e., with execSync instead of spawnSync in child_process in Node.js)."}, {"lang": "es", "value": "rejetto HFS (tambi\u00e9n conocido como servidor de archivos HTTP) 3 anterior a 0.52.10 en Linux, UNIX y macOS permite la ejecuci\u00f3n de comandos del sistema operativo por parte de usuarios remotos autenticados (si tienen permisos de carga). Esto ocurre porque se usa un shell para ejecutar df (es decir, con execSync en lugar de spawnSync en child_process en Node.js)."}], "id": "CVE-2024-39943", "lastModified": "2024-11-21T09:28:37.253", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 6.0, "source": "cve@mitre.org", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-07-04T23:15:09.940", "references": [{"source": "cve@mitre.org", "tags": ["Patch"], "url": "https://github.com/rejetto/hfs/commit/305381bd36eee074fb238b64302a252668daad1d"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "https://github.com/rejetto/hfs/compare/v0.52.9...v0.52.10"}, {"source": "cve@mitre.org", "tags": ["Product"], "url": "https://www.rejetto.com/wiki/index.php/HFS:_Working_with_uploads"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://github.com/rejetto/hfs/commit/305381bd36eee074fb238b64302a252668daad1d"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://github.com/rejetto/hfs/compare/v0.52.9...v0.52.10"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Product"], "url": "https://www.rejetto.com/wiki/index.php/HFS:_Working_with_uploads"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-284"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}