CVE-2024-39943 - OpenCVE

rejetto HFS (aka HTTP File Server) 3 before 0.52.10 on Linux, UNIX, and macOS allows OS command execution by remote authenticated users (if they have Upload permissions). This occurs because a shell is used to execute df (i.e., with execSync instead of spawnSync in child_process in Node.js).

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Rejetto	Http File Server

Configuration 1 [-]

cpe:2.3:a:rejetto:http_file_server:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/rejetto/hfs/commit/305381bd36eee074fb238b64302a252668daad1d
https://github.com/rejetto/hfs/compare/v0.52.9...v0.52.10
https://www.rejetto.com/wiki/index.php/HFS:_Working_with_uploads

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2024-07-04T00:00:00

Updated: 2024-08-02T04:33:11.602Z

Reserved: 2024-07-04T00:00:00

Link: CVE-2024-39943

Vulnrichment

Updated: 2024-08-02T04:33:11.602Z

NVD

Status : Analyzed

Published: 2024-07-04T23:15:09.940

Modified: 2024-07-08T16:42:25.603

Link: CVE-2024-39943

Redhat

No data.

{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2024-39943", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-08-02T04:33:11.602Z", "dateReserved": "2024-07-04T00:00:00", "datePublished": "2024-07-04T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-07-04T22:39:04.461769"}, "descriptions": [{"lang": "en", "value": "rejetto HFS (aka HTTP File Server) 3 before 0.52.10 on Linux, UNIX, and macOS allows OS command execution by remote authenticated users (if they have Upload permissions). This occurs because a shell is used to execute df (i.e., with execSync instead of spawnSync in child_process in Node.js)."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://www.rejetto.com/wiki/index.php/HFS:_Working_with_uploads"}, {"url": "https://github.com/rejetto/hfs/commit/305381bd36eee074fb238b64302a252668daad1d"}, {"url": "https://github.com/rejetto/hfs/compare/v0.52.9...v0.52.10"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AC:L/AV:N/A:H/C:H/I:H/PR:L/S:C/UI:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 9.9, "baseSeverity": "CRITICAL"}}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-284", "lang": "en", "description": "CWE-284 Improper Access Control"}]}], "affected": [{"vendor": "rejetto", "product": "http_file_server", "cpes": ["cpe:2.3:a:rejetto:http_file_server:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "0.52.10", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-07-12T03:55:26.030939Z", "id": "CVE-2024-39943", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-12T10:49:16.588Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:33:11.602Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.rejetto.com/wiki/index.php/HFS:_Working_with_uploads", "tags": ["x_transferred"]}, {"url": "https://github.com/rejetto/hfs/commit/305381bd36eee074fb238b64302a252668daad1d", "tags": ["x_transferred"]}, {"url": "https://github.com/rejetto/hfs/compare/v0.52.9...v0.52.10", "tags": ["x_transferred"]}]}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.rejetto.com/wiki/index.php/HFS:_Working_with_uploads", "tags": ["x_transferred"]}, {"url": "https://github.com/rejetto/hfs/commit/305381bd36eee074fb238b64302a252668daad1d", "tags": ["x_transferred"]}, {"url": "https://github.com/rejetto/hfs/compare/v0.52.9...v0.52.10", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:33:11.602Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-39943", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-07-12T03:55:26.030939Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:rejetto:http_file_server:*:*:*:*:*:*:*:*"], "vendor": "rejetto", "product": "http_file_server", "versions": [{"status": "affected", "version": "0", "lessThan": "0.52.10", "versionType": "custom"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-284", "description": "CWE-284 Improper Access Control"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-05T14:50:18.881Z"}}], "cna": {"metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.9, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AC:L/AV:N/A:H/C:H/I:H/PR:L/S:C/UI:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://www.rejetto.com/wiki/index.php/HFS:_Working_with_uploads"}, {"url": "https://github.com/rejetto/hfs/commit/305381bd36eee074fb238b64302a252668daad1d"}, {"url": "https://github.com/rejetto/hfs/compare/v0.52.9...v0.52.10"}], "descriptions": [{"lang": "en", "value": "rejetto HFS (aka HTTP File Server) 3 before 0.52.10 on Linux, UNIX, and macOS allows OS command execution by remote authenticated users (if they have Upload permissions). This occurs because a shell is used to execute df (i.e., with execSync instead of spawnSync in child_process in Node.js)."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-07-04T22:39:04.461769"}}}, "cveMetadata": {"cveId": "CVE-2024-39943", "state": "PUBLISHED", "dateUpdated": "2024-08-02T04:33:11.602Z", "dateReserved": "2024-07-04T00:00:00", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2024-07-04T00:00:00", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:rejetto:http_file_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "349B809F-44A2-4734-B8E1-95E1A17CB734", "versionEndExcluding": "0.52.10", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "rejetto HFS (aka HTTP File Server) 3 before 0.52.10 on Linux, UNIX, and macOS allows OS command execution by remote authenticated users (if they have Upload permissions). This occurs because a shell is used to execute df (i.e., with execSync instead of spawnSync in child_process in Node.js)."}, {"lang": "es", "value": "rejetto HFS (tambi\u00e9n conocido como servidor de archivos HTTP) 3 anterior a 0.52.10 en Linux, UNIX y macOS permite la ejecuci\u00f3n de comandos del sistema operativo por parte de usuarios remotos autenticados (si tienen permisos de carga). Esto ocurre porque se usa un shell para ejecutar df (es decir, con execSync en lugar de spawnSync en child_process en Node.js)."}], "id": "CVE-2024-39943", "lastModified": "2024-07-08T16:42:25.603", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 6.0, "source": "cve@mitre.org", "type": "Secondary"}]}, "published": "2024-07-04T23:15:09.940", "references": [{"source": "cve@mitre.org", "tags": ["Patch"], "url": "https://github.com/rejetto/hfs/commit/305381bd36eee074fb238b64302a252668daad1d"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "https://github.com/rejetto/hfs/compare/v0.52.9...v0.52.10"}, {"source": "cve@mitre.org", "tags": ["Product"], "url": "https://www.rejetto.com/wiki/index.php/HFS:_Working_with_uploads"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-284"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}