CVE-2019-10048

{"id": "CVE-2019-10048", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "authentication": "SINGLE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.2}]}, "published": "2019-05-31T22:29:01.097", "references": [{"url": "https://www.secureauth.com/labs/advisories", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.secureauth.com/labs/advisories", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-78"}]}], "descriptions": [{"lang": "en", "value": "The ImageMagick plugin that is installed by default in Pydio through 8.2.2 does not perform the appropriate validation and sanitization of user supplied input in the plugin's configuration options, allowing arbitrary shell commands to be entered that result in command execution on the underlying operating system, with the privileges of the local user running the web server. The attacker must be authenticated into the application with an administrator user account in order to be able to edit the affected plugin configuration."}, {"lang": "es", "value": "hay una vulnerabilidad en el complemento ImageMagick que se instala de forma por defecto en Pydio la versi\u00f3n hasta 8.2.2 en donde no realiza la validaci\u00f3n y saneamianto adecuados de la entrada proporcionada por el usuario en las opciones de configuraci\u00f3n del complemento, lo que permite la introducci\u00f3n de comandos de shell arbitrarios que dan lugar a la ejecuci\u00f3n de comandos en el sistema operativo subyacente. con los privilegios del usuario local que ejecuta el servidor web. El atacante debe estar identificado en la aplicaci\u00f3n con una cuenta de usuario administrador para poder editar la configuraci\u00f3n del complemento afectado."}], "lastModified": "2024-11-21T04:18:16.780", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:pydio:pydio:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "124FB681-C23F-46A3-8C12-1BB9535844D3", "versionEndIncluding": "8.2.2"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}