Vulnerabilites related to schneems - wicked
Vulnerability from fkie_nvd
Published
2014-03-11 19:37
Modified
2024-11-21 01:55
Severity ?
Summary
Directory traversal vulnerability in controller/concerns/render_redirect.rb in the Wicked gem before 1.0.1 for Ruby allows remote attackers to read arbitrary files via a %2E%2E%2F (encoded dot dot slash) in the step.
References
secalert@redhat.comhttp://seclists.org/oss-sec/2013/q4/43Patch
secalert@redhat.comhttp://secunia.com/advisories/55151Vendor Advisory
secalert@redhat.comhttp://www.securityfocus.com/bid/62891
secalert@redhat.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/87783
secalert@redhat.comhttps://github.com/schneems/wicked/commit/fe31bb2533fffc9d098c69ebeb7afc3b80509f53Exploit, Patch
af854a3a-2127-422b-91ae-364da2661108http://seclists.org/oss-sec/2013/q4/43Patch
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/55151Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/62891
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/87783
af854a3a-2127-422b-91ae-364da2661108https://github.com/schneems/wicked/commit/fe31bb2533fffc9d098c69ebeb7afc3b80509f53Exploit, Patch
Impacted products
Vendor Product Version
schneems wicked *
schneems wicked 0.0.1
schneems wicked 0.0.2
schneems wicked 0.1.0
schneems wicked 0.1.1
schneems wicked 0.1.2
schneems wicked 0.1.3
schneems wicked 0.1.4
schneems wicked 0.1.5
schneems wicked 0.1.6
schneems wicked 0.2.0
schneems wicked 0.3.0
schneems wicked 0.3.1
schneems wicked 0.3.2
schneems wicked 0.3.3
schneems wicked 0.3.4
schneems wicked 0.4.0
schneems wicked 0.5.0
schneems wicked 0.6.0
schneems wicked 0.6.1
ruby-lang ruby *


To clipboard 

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:schneems:wicked:*:*:*:*:*:ruby:*:*",
                     matchCriteriaId: "7BB24A72-A86D-4C16-BAC7-CE3F433A8C0C",
                     versionEndIncluding: "1.0.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:schneems:wicked:0.0.1:*:*:*:*:ruby:*:*",
                     matchCriteriaId: "11C26B86-CDFA-45F3-BD36-E37C3446F9DD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:schneems:wicked:0.0.2:*:*:*:*:ruby:*:*",
                     matchCriteriaId: "45008888-E02B-4832-B268-733849D30412",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:schneems:wicked:0.1.0:*:*:*:*:ruby:*:*",
                     matchCriteriaId: "24678459-FB79-4DE2-9B93-6678C0E59E91",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:schneems:wicked:0.1.1:*:*:*:*:ruby:*:*",
                     matchCriteriaId: "9575E1DD-F8FD-4D30-94FC-0903A5C880C1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:schneems:wicked:0.1.2:*:*:*:*:ruby:*:*",
                     matchCriteriaId: "1D406277-1F89-4B5B-B2DE-FF875F16045E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:schneems:wicked:0.1.3:*:*:*:*:ruby:*:*",
                     matchCriteriaId: "06B2A5FC-F95C-4645-9944-1556441EFCE3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:schneems:wicked:0.1.4:*:*:*:*:ruby:*:*",
                     matchCriteriaId: "EAEC4F02-2F65-4102-9C20-FD09439340FB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:schneems:wicked:0.1.5:*:*:*:*:ruby:*:*",
                     matchCriteriaId: "8012CC6B-147B-4098-AEF5-273662549248",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:schneems:wicked:0.1.6:*:*:*:*:ruby:*:*",
                     matchCriteriaId: "02949A0C-52BA-4519-9236-116062644E13",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:schneems:wicked:0.2.0:*:*:*:*:ruby:*:*",
                     matchCriteriaId: "1076DC7A-C9FE-4D59-9E83-F018FDAC67F4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:schneems:wicked:0.3.0:*:*:*:*:ruby:*:*",
                     matchCriteriaId: "A97B76A9-B09F-4014-9C70-49642C04A375",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:schneems:wicked:0.3.1:*:*:*:*:ruby:*:*",
                     matchCriteriaId: "B9680911-AD8E-4B3E-A766-3EC01C8ED64E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:schneems:wicked:0.3.2:*:*:*:*:ruby:*:*",
                     matchCriteriaId: "B040BF93-15A9-4500-86A3-573D2FEA1BE0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:schneems:wicked:0.3.3:*:*:*:*:ruby:*:*",
                     matchCriteriaId: "09E23352-72CD-4B0A-89A4-DE01A0F82E57",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:schneems:wicked:0.3.4:*:*:*:*:ruby:*:*",
                     matchCriteriaId: "8B3F55EB-B6CC-4AE7-8935-CE0F2BFB10A3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:schneems:wicked:0.4.0:*:*:*:*:ruby:*:*",
                     matchCriteriaId: "EF94B020-F2D9-4F78-A924-28EFFEA7D1D9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:schneems:wicked:0.5.0:*:*:*:*:ruby:*:*",
                     matchCriteriaId: "C9288672-11DB-4F74-A6A1-61C2BE06C685",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:schneems:wicked:0.6.0:*:*:*:*:ruby:*:*",
                     matchCriteriaId: "82C3CCAE-F8EB-4AFD-8392-22685DB19428",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:schneems:wicked:0.6.1:*:*:*:*:ruby:*:*",
                     matchCriteriaId: "7956F067-453E-438E-A330-B0B4CB03265E",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "264DD094-A8CD-465D-B279-C834DDA5F79C",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Directory traversal vulnerability in controller/concerns/render_redirect.rb in the Wicked gem before 1.0.1 for Ruby allows remote attackers to read arbitrary files via a %2E%2E%2F (encoded dot dot slash) in the step.",
      },
      {
         lang: "es",
         value: "Vulnerabilidad de salto de directorio en controller/concerns/render_redirect.rb en la gema Wicked anterior a 1.0.1 para Ruby permite a atacantes remotos leer archivos arbitrarios a través de un %2E%2E%2F (punto punto barra codificado) en el paso.",
      },
   ],
   id: "CVE-2013-4413",
   lastModified: "2024-11-21T01:55:31.137",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2014-03-11T19:37:02.880",
   references: [
      {
         source: "secalert@redhat.com",
         tags: [
            "Patch",
         ],
         url: "http://seclists.org/oss-sec/2013/q4/43",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/55151",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.securityfocus.com/bid/62891",
      },
      {
         source: "secalert@redhat.com",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/87783",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Exploit",
            "Patch",
         ],
         url: "https://github.com/schneems/wicked/commit/fe31bb2533fffc9d098c69ebeb7afc3b80509f53",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
         ],
         url: "http://seclists.org/oss-sec/2013/q4/43",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/55151",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/62891",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/87783",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Patch",
         ],
         url: "https://github.com/schneems/wicked/commit/fe31bb2533fffc9d098c69ebeb7afc3b80509f53",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-22",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

cve-2013-4413
Vulnerability from cvelistv5
Published
2014-03-11 15:00
Modified
2024-08-06 16:45
Severity ?
Summary
Directory traversal vulnerability in controller/concerns/render_redirect.rb in the Wicked gem before 1.0.1 for Ruby allows remote attackers to read arbitrary files via a %2E%2E%2F (encoded dot dot slash) in the step.
References
http://secunia.com/advisories/55151third-party-advisory, x_refsource_SECUNIA
https://github.com/schneems/wicked/commit/fe31bb2533fffc9d098c69ebeb7afc3b80509f53x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/87783vdb-entry, x_refsource_XF
http://www.securityfocus.com/bid/62891vdb-entry, x_refsource_BID
http://seclists.org/oss-sec/2013/q4/43mailing-list, x_refsource_MLIST
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T16:45:14.615Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "55151",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/55151",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://github.com/schneems/wicked/commit/fe31bb2533fffc9d098c69ebeb7afc3b80509f53",
               },
               {
                  name: "wicked-gem-cve20134413-dir-trav(87783)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/87783",
               },
               {
                  name: "62891",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/62891",
               },
               {
                  name: "[oss-security] 20131009 Re: Vulnerability Reported in my Ruby Gem",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/oss-sec/2013/q4/43",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2013-10-08T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Directory traversal vulnerability in controller/concerns/render_redirect.rb in the Wicked gem before 1.0.1 for Ruby allows remote attackers to read arbitrary files via a %2E%2E%2F (encoded dot dot slash) in the step.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-08-28T12:57:01",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               name: "55151",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/55151",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://github.com/schneems/wicked/commit/fe31bb2533fffc9d098c69ebeb7afc3b80509f53",
            },
            {
               name: "wicked-gem-cve20134413-dir-trav(87783)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/87783",
            },
            {
               name: "62891",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/62891",
            },
            {
               name: "[oss-security] 20131009 Re: Vulnerability Reported in my Ruby Gem",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://seclists.org/oss-sec/2013/q4/43",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secalert@redhat.com",
               ID: "CVE-2013-4413",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Directory traversal vulnerability in controller/concerns/render_redirect.rb in the Wicked gem before 1.0.1 for Ruby allows remote attackers to read arbitrary files via a %2E%2E%2F (encoded dot dot slash) in the step.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "55151",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/55151",
                  },
                  {
                     name: "https://github.com/schneems/wicked/commit/fe31bb2533fffc9d098c69ebeb7afc3b80509f53",
                     refsource: "CONFIRM",
                     url: "https://github.com/schneems/wicked/commit/fe31bb2533fffc9d098c69ebeb7afc3b80509f53",
                  },
                  {
                     name: "wicked-gem-cve20134413-dir-trav(87783)",
                     refsource: "XF",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/87783",
                  },
                  {
                     name: "62891",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/62891",
                  },
                  {
                     name: "[oss-security] 20131009 Re: Vulnerability Reported in my Ruby Gem",
                     refsource: "MLIST",
                     url: "http://seclists.org/oss-sec/2013/q4/43",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2013-4413",
      datePublished: "2014-03-11T15:00:00",
      dateReserved: "2013-06-12T00:00:00",
      dateUpdated: "2024-08-06T16:45:14.615Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}