Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
2 vulnerabilities found for libpve-http-server-perl by Proxmox
CVE-2024-21545 (GCVE-0-2024-21545)
Vulnerability from nvd – Published: 2024-09-24 07:25 – Updated: 2024-09-24 14:57
VLAI
Summary
Proxmox Virtual Environment is an open-source server management platform for enterprise virtualization. Insufficient safeguards against malicious API response values allow authenticated attackers with 'Sys.Audit' or 'VM.Monitor' privileges to download arbitrary host files via the API.
When handling the result from a request handler before returning it to the user, the handle_api2_request function will check for the ‘download’ or ‘data’->’download’ objects inside the request handler call response object. If present, handle_api2_request will read a local file defined by this object and return it to the user.
Two endpoints were identified which can control the object returned by a request handler sufficiently that the ’download’ object is defined and user controlled. This results in arbitrary file read.
The privileges of this file read can result in full compromise of the system by various impacts such as disclosing sensitive files allowing for privileged session forgery.
Severity
8.2 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-73 - External Control of File Name or Path
Assigner
References
Impacted products
8 products
| Vendor | Product | Version | |
|---|---|---|---|
| Proxmox | pve-manager |
Affected:
0 , < 7.4-19
(semver)
Affected: 8.0.0 , < 8.2.7 (semver) |
|
| Proxmox | libpve-storage-perl |
Affected:
0 , < 7.4-4
(semver)
Affected: 8.0.0 , < 8.2.5 (semver) |
|
| Proxmox | libpve-http-server-perl |
Affected:
3.2-1 , < 4.3.0
(semver)
Affected: 5.0.0 , < 5.1.1 (semver) |
|
| Proxmox | pmg-api |
Affected:
0 , < 7.3-12
(semver)
Affected: 8.0.0 , < 8.1.4 (semver) |
|
| Proxmox | libpve-common-perl (Promox VE 8) |
Affected:
0 , < 8.2.3
(semver)
|
|
| Proxmox | libpve-common-perl (Promox Mail Gateway 8) |
Affected:
0 , < 8.2.5
(semver)
|
|
| proxmox | mail_gateway |
Affected:
6.0 , < 7.2
(semver)
Affected: 8.0 , < 8.1-1 (semver) cpe:2.3:a:proxmox:mail_gateway:*:*:*:*:*:*:*:* |
|
| proxmox | virtual_environment |
Affected:
6.0 , < 7.3
(semver)
Affected: 8.0 , < 8.2-2 (semver) cpe:2.3:a:proxmox:virtual_environment:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:proxmox:mail_gateway:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mail_gateway",
"vendor": "proxmox",
"versions": [
{
"lessThan": "7.2",
"status": "affected",
"version": "6.0",
"versionType": "semver"
},
{
"lessThan": "8.1-1",
"status": "affected",
"version": "8.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:proxmox:virtual_environment:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "virtual_environment",
"vendor": "proxmox",
"versions": [
{
"lessThan": "7.3",
"status": "affected",
"version": "6.0",
"versionType": "semver"
},
{
"lessThan": "8.2-2",
"status": "affected",
"version": "8.0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-21545",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-24T13:52:32.343980Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-73",
"description": "CWE-73 External Control of File Name or Path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-24T14:57:45.924Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "pve-manager",
"vendor": "Proxmox",
"versions": [
{
"lessThan": "7.4-19",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "8.2.7",
"status": "affected",
"version": "8.0.0",
"versionType": "semver"
}
]
},
{
"product": "libpve-storage-perl",
"vendor": "Proxmox",
"versions": [
{
"lessThan": "7.4-4",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "8.2.5",
"status": "affected",
"version": "8.0.0",
"versionType": "semver"
}
]
},
{
"product": "libpve-http-server-perl",
"vendor": "Proxmox",
"versions": [
{
"lessThan": "4.3.0",
"status": "affected",
"version": "3.2-1",
"versionType": "semver"
},
{
"lessThan": "5.1.1",
"status": "affected",
"version": "5.0.0",
"versionType": "semver"
}
]
},
{
"product": "pmg-api",
"vendor": "Proxmox",
"versions": [
{
"lessThan": "7.3-12",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "8.1.4",
"status": "affected",
"version": "8.0.0",
"versionType": "semver"
}
]
},
{
"product": "libpve-common-perl (Promox VE 8)",
"vendor": "Proxmox",
"versions": [
{
"lessThan": "8.2.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"product": "libpve-common-perl (Promox Mail Gateway 8)",
"vendor": "Proxmox",
"versions": [
{
"lessThan": "8.2.5",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Rory McNamara (Snyk Security Research)"
}
],
"descriptions": [
{
"lang": "en",
"value": "Proxmox Virtual Environment is an open-source server management platform for enterprise virtualization. Insufficient safeguards against malicious API response values allow authenticated attackers with \u0027Sys.Audit\u0027 or \u0027VM.Monitor\u0027 privileges to download arbitrary host files via the API.\nWhen handling the result from a request handler before returning it to the user, the handle_api2_request function will check for the \u2018download\u2019 or \u2018data\u2019-\u003e\u2019download\u2019 objects inside the request handler call response object. If present, handle_api2_request will read a local file defined by this object and return it to the user.\nTwo endpoints were identified which can control the object returned by a request handler sufficiently that the \u2019download\u2019 object is defined and user controlled. This results in arbitrary file read.\nThe privileges of this file read can result in full compromise of the system by various impacts such as disclosing sensitive files allowing for privileged session forgery."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-73",
"description": "External Control of File Name or Path",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-24T07:25:12.184Z",
"orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"shortName": "snyk"
},
"references": [
{
"url": "https://git.proxmox.com/?p=pve-http-server.git;a=blob;f=src/PVE/APIServer/AnyEvent.pm;h=a8d60c18102d2eea9235720852fb60d90f405d0a;hb=HEAD#l988"
},
{
"url": "https://forum.proxmox.com/threads/proxmox-virtual-environment-security-advisories.149331/post-705345"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"assignerShortName": "snyk",
"cveId": "CVE-2024-21545",
"datePublished": "2024-09-24T07:25:12.184Z",
"dateReserved": "2023-12-22T12:33:20.124Z",
"dateUpdated": "2024-09-24T14:57:45.924Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-21545 (GCVE-0-2024-21545)
Vulnerability from cvelistv5 – Published: 2024-09-24 07:25 – Updated: 2024-09-24 14:57
VLAI
Summary
Proxmox Virtual Environment is an open-source server management platform for enterprise virtualization. Insufficient safeguards against malicious API response values allow authenticated attackers with 'Sys.Audit' or 'VM.Monitor' privileges to download arbitrary host files via the API.
When handling the result from a request handler before returning it to the user, the handle_api2_request function will check for the ‘download’ or ‘data’->’download’ objects inside the request handler call response object. If present, handle_api2_request will read a local file defined by this object and return it to the user.
Two endpoints were identified which can control the object returned by a request handler sufficiently that the ’download’ object is defined and user controlled. This results in arbitrary file read.
The privileges of this file read can result in full compromise of the system by various impacts such as disclosing sensitive files allowing for privileged session forgery.
Severity
8.2 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-73 - External Control of File Name or Path
Assigner
References
Impacted products
8 products
| Vendor | Product | Version | |
|---|---|---|---|
| Proxmox | pve-manager |
Affected:
0 , < 7.4-19
(semver)
Affected: 8.0.0 , < 8.2.7 (semver) |
|
| Proxmox | libpve-storage-perl |
Affected:
0 , < 7.4-4
(semver)
Affected: 8.0.0 , < 8.2.5 (semver) |
|
| Proxmox | libpve-http-server-perl |
Affected:
3.2-1 , < 4.3.0
(semver)
Affected: 5.0.0 , < 5.1.1 (semver) |
|
| Proxmox | pmg-api |
Affected:
0 , < 7.3-12
(semver)
Affected: 8.0.0 , < 8.1.4 (semver) |
|
| Proxmox | libpve-common-perl (Promox VE 8) |
Affected:
0 , < 8.2.3
(semver)
|
|
| Proxmox | libpve-common-perl (Promox Mail Gateway 8) |
Affected:
0 , < 8.2.5
(semver)
|
|
| proxmox | mail_gateway |
Affected:
6.0 , < 7.2
(semver)
Affected: 8.0 , < 8.1-1 (semver) cpe:2.3:a:proxmox:mail_gateway:*:*:*:*:*:*:*:* |
|
| proxmox | virtual_environment |
Affected:
6.0 , < 7.3
(semver)
Affected: 8.0 , < 8.2-2 (semver) cpe:2.3:a:proxmox:virtual_environment:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:proxmox:mail_gateway:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mail_gateway",
"vendor": "proxmox",
"versions": [
{
"lessThan": "7.2",
"status": "affected",
"version": "6.0",
"versionType": "semver"
},
{
"lessThan": "8.1-1",
"status": "affected",
"version": "8.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:proxmox:virtual_environment:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "virtual_environment",
"vendor": "proxmox",
"versions": [
{
"lessThan": "7.3",
"status": "affected",
"version": "6.0",
"versionType": "semver"
},
{
"lessThan": "8.2-2",
"status": "affected",
"version": "8.0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-21545",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-24T13:52:32.343980Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-73",
"description": "CWE-73 External Control of File Name or Path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-24T14:57:45.924Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "pve-manager",
"vendor": "Proxmox",
"versions": [
{
"lessThan": "7.4-19",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "8.2.7",
"status": "affected",
"version": "8.0.0",
"versionType": "semver"
}
]
},
{
"product": "libpve-storage-perl",
"vendor": "Proxmox",
"versions": [
{
"lessThan": "7.4-4",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "8.2.5",
"status": "affected",
"version": "8.0.0",
"versionType": "semver"
}
]
},
{
"product": "libpve-http-server-perl",
"vendor": "Proxmox",
"versions": [
{
"lessThan": "4.3.0",
"status": "affected",
"version": "3.2-1",
"versionType": "semver"
},
{
"lessThan": "5.1.1",
"status": "affected",
"version": "5.0.0",
"versionType": "semver"
}
]
},
{
"product": "pmg-api",
"vendor": "Proxmox",
"versions": [
{
"lessThan": "7.3-12",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "8.1.4",
"status": "affected",
"version": "8.0.0",
"versionType": "semver"
}
]
},
{
"product": "libpve-common-perl (Promox VE 8)",
"vendor": "Proxmox",
"versions": [
{
"lessThan": "8.2.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"product": "libpve-common-perl (Promox Mail Gateway 8)",
"vendor": "Proxmox",
"versions": [
{
"lessThan": "8.2.5",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Rory McNamara (Snyk Security Research)"
}
],
"descriptions": [
{
"lang": "en",
"value": "Proxmox Virtual Environment is an open-source server management platform for enterprise virtualization. Insufficient safeguards against malicious API response values allow authenticated attackers with \u0027Sys.Audit\u0027 or \u0027VM.Monitor\u0027 privileges to download arbitrary host files via the API.\nWhen handling the result from a request handler before returning it to the user, the handle_api2_request function will check for the \u2018download\u2019 or \u2018data\u2019-\u003e\u2019download\u2019 objects inside the request handler call response object. If present, handle_api2_request will read a local file defined by this object and return it to the user.\nTwo endpoints were identified which can control the object returned by a request handler sufficiently that the \u2019download\u2019 object is defined and user controlled. This results in arbitrary file read.\nThe privileges of this file read can result in full compromise of the system by various impacts such as disclosing sensitive files allowing for privileged session forgery."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-73",
"description": "External Control of File Name or Path",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-24T07:25:12.184Z",
"orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"shortName": "snyk"
},
"references": [
{
"url": "https://git.proxmox.com/?p=pve-http-server.git;a=blob;f=src/PVE/APIServer/AnyEvent.pm;h=a8d60c18102d2eea9235720852fb60d90f405d0a;hb=HEAD#l988"
},
{
"url": "https://forum.proxmox.com/threads/proxmox-virtual-environment-security-advisories.149331/post-705345"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"assignerShortName": "snyk",
"cveId": "CVE-2024-21545",
"datePublished": "2024-09-24T07:25:12.184Z",
"dateReserved": "2023-12-22T12:33:20.124Z",
"dateUpdated": "2024-09-24T14:57:45.924Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}