CVE-2018-1000536

Medis version 0.6.1 and earlier contains a XSS vulnerability evolving into code execution due to enabled nodeIntegration for the renderer process vulnerability in Key name parameter on new key creation that can result in Unauthorized code execution in the victim's machine, within the rights of the running application. This attack appear to be exploitable via Victim is synchronizing data from the redis server which contains malicious key value.

CVSS v3 6.1 MEDIUM
CVSS v2.0 4.3 MEDIUM

6.1^/10

CVSS v3 : MEDIUM

Vector : AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Exploitability : 2.8 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

4.3^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
https://github.com/luin/medis/issues/109	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:getmedis:medis:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2018-06-26 16:29

Updated : 2024-02-04 19:46

NVD link : CVE-2018-1000536

Mitre link : CVE-2018-1000536

CVE.ORG link : CVE-2018-1000536

JSON object : View

Products Affected

getmedis

medis

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

{"id": "CVE-2018-1000536", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2018-06-26T16:29:02.040", "references": [{"url": "https://github.com/luin/medis/issues/109", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Medis version 0.6.1 and earlier contains a XSS vulnerability evolving into code execution due to enabled nodeIntegration for the renderer process vulnerability in Key name parameter on new key creation that can result in Unauthorized code execution in the victim's machine, within the rights of the running application. This attack appear to be exploitable via Victim is synchronizing data from the redis server which contains malicious key value."}, {"lang": "es", "value": "Medis en versiones 0.6.1 y anteriores contiene una vulnerabilidad Cross-Site Scripting (XSS) que evoluciona a una ejecuci\u00f3n de c\u00f3digo debido a que se habilita nodeIntegration para la vulnerabilidad del proceso renderer en el par\u00e1metro key name durante la creaci\u00f3n de nuevas claves. Esto puede resultar en la ejecuci\u00f3n de c\u00f3digo no autorizado en la m\u00e1quina de la v\u00edctima con los derechos de la aplicaci\u00f3n en ejecuci\u00f3n. El ataque parece ser explotable si una v\u00edctima sincroniza datos desde el servidor redis que contiene valores de clave maliciosos."}], "lastModified": "2018-08-27T18:19:25.003", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:getmedis:medis:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3C383BAB-CD05-45CF-9B09-0B2E7CDDEB65", "versionEndIncluding": "0.6.1"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}