CVE-2019-14466

The GOsa_Filter_Settings cookie in GONICUS GOsa 2.7.5.2 is vulnerable to PHP objection injection, which allows a remote authenticated attacker to perform file deletions (in the context of the user account that runs the web server) via a crafted cookie value, because unserialize is used to restore filter settings from a cookie.

CVSS v3 6.5 MEDIUM
CVSS v2.0 5.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

5.5^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:S/C:N/I:P/A:P

Exploitability : 8.0 / Impact : 4.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://github.com/gosa-project/gosa-core/pull/29	Patch Third Party Advisory
https://lists.debian.org/debian-lts-announce/2019/08/msg00039.html	Mailing List Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:gosa_project:gosa:2.7.5.2:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

History

No history.

Information

Published : 2019-12-31 18:15

Updated : 2024-02-04 20:39

NVD link : CVE-2019-14466

Mitre link : CVE-2019-14466

CVE.ORG link : CVE-2019-14466

JSON object : View

Products Affected

gosa_project

gosa

debian

debian_linux

CWE

CWE-502

Deserialization of Untrusted Data

{"id": "CVE-2019-14466", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2019-12-31T18:15:11.233", "references": [{"url": "https://github.com/gosa-project/gosa-core/pull/29", "tags": ["Patch", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00039.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-502"}]}], "descriptions": [{"lang": "en", "value": "The GOsa_Filter_Settings cookie in GONICUS GOsa 2.7.5.2 is vulnerable to PHP objection injection, which allows a remote authenticated attacker to perform file deletions (in the context of the user account that runs the web server) via a crafted cookie value, because unserialize is used to restore filter settings from a cookie."}, {"lang": "es", "value": "La cookie de GOsa_Filter_Settings en GONICUS GOsa versi\u00f3n 2.7.5.2, es vulnerable a una inyecci\u00f3n de objeciones de PHP, lo que permite a un atacante autenticado remoto llevar a cabo eliminaciones de archivos (en el contexto de la cuenta de usuario que ejecuta el servidor web) por medio de un valor de cookie especialmente dise\u00f1ado, ya que una deserializaci\u00f3n es usada para restaurar la configuraci\u00f3n del filtro desde una cookie."}], "lastModified": "2020-01-10T19:28:23.847", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:gosa_project:gosa:2.7.5.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8E0B2A42-2186-46EA-BB30-510B98839B09"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}