CVE-2024-25123

{"id": "CVE-2024-25123", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.3, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 3.4, "exploitabilityScore": 3.9}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2024-02-15T22:15:48.060", "references": [{"url": "https://github.com/Open-MSS/MSS/commit/f23033729ee930b97f8bdbd07df0174311c9b658", "tags": ["Patch"], "source": "security-advisories@github.com"}, {"url": "https://github.com/Open-MSS/MSS/security/advisories/GHSA-pf2h-qjcr-qvq2", "tags": ["Vendor Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/Open-MSS/MSS/commit/f23033729ee930b97f8bdbd07df0174311c9b658", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/Open-MSS/MSS/security/advisories/GHSA-pf2h-qjcr-qvq2", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-22"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "MSS (Mission Support System) is an open source package designed for planning atmospheric research flights. In file: `index.py`, there is a method that is vulnerable to path manipulation attack. By modifying file paths, an attacker can acquire sensitive information from different resources. The `filename` variable is joined with other variables to form a file path in `_file`. However, `filename` is a route parameter that can capture path type values i.e. values including slashes (\\). So it is possible for an attacker to manipulate the file being read by assigning a value containing ../ to `filename` and so the attacker may be able to gain access to other files on the host filesystem. This issue has been addressed in MSS version 8.3.3. Users are advised to upgrade. There are no known workarounds for this vulnerability."}, {"lang": "es", "value": "MSS (Mission Support System) es un paquete de c\u00f3digo abierto dise\u00f1ado para planificar vuelos de investigaci\u00f3n atmosf\u00e9rica. En el archivo: `index.py`, hay un m\u00e9todo que es vulnerable a un ataque de manipulaci\u00f3n de ruta. Al modificar las rutas de los archivos, un atacante puede adquirir informaci\u00f3n confidencial de diferentes recursos. La variable `filename` se une con otras variables para formar una ruta de archivo en `_file`. Sin embargo, \"filename\" es un par\u00e1metro de ruta que puede capturar valores de tipo de ruta, es decir, valores que incluyen barras (\\). Por lo tanto, es posible que un atacante manipule el archivo que se est\u00e1 leyendo asignando un valor que contenga ../ a \"nombre de archivo\" y, por lo tanto, el atacante puede obtener acceso a otros archivos en el sistema de archivos del host. Este problema se solucion\u00f3 en la versi\u00f3n 8.3.3 de MSS. Se recomienda a los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad."}], "lastModified": "2025-01-09T14:30:38.743", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:open-mss:mission_support_system:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2B7F0B0B-30B1-417F-921B-224994383294", "versionEndExcluding": "8.3.3", "versionStartIncluding": "5.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}