cnvd - cnvd-2020-34630

CNVD-2020-34630

Vulnerability from cnvd - Published: 2020-06-24

Title

Anchore Engine命令执行漏洞

Description

Anchore Engine是美国Anchore公司的一款分析Docker映像并应用用户定义的接受策略以允许自动容器映像验证和认证的开源服务。 Anchore Engine 0.7.0版本中存在安全漏洞。攻击者可利用该漏洞执行命令，包括访问数据库凭证及正在运行的engien analyzer服务的环境。

Severity

中

Patch Name

Anchore Engine命令执行漏洞的补丁

Patch Description

Anchore Engine是美国Anchore公司的一款分析Docker映像并应用用户定义的接受策略以允许自动容器映像验证和认证的开源服务。 Anchore Engine 0.7.0版本中存在安全漏洞。攻击者可利用该漏洞执行命令，包括访问数据库凭证及正在运行的engien analyzer服务的环境。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://github.com/anchore/anchore-engine/security/advisories/GHSA-w4rm-w22x-h7m5

Reference

https://nvd.nist.gov/vuln/detail/CVE-2020-11075

Impacted products

Name
Anchore Engine 0.7.0

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-11075"
    }
  },
  "description": "Anchore Engine\u662f\u7f8e\u56fdAnchore\u516c\u53f8\u7684\u4e00\u6b3e\u5206\u6790Docker\u6620\u50cf\u5e76\u5e94\u7528\u7528\u6237\u5b9a\u4e49\u7684\u63a5\u53d7\u7b56\u7565\u4ee5\u5141\u8bb8\u81ea\u52a8\u5bb9\u5668\u6620\u50cf\u9a8c\u8bc1\u548c\u8ba4\u8bc1\u7684\u5f00\u6e90\u670d\u52a1\u3002\n\nAnchore Engine 0.7.0\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u547d\u4ee4\uff0c\u5305\u62ec\u8bbf\u95ee\u6570\u636e\u5e93\u51ed\u8bc1\u53ca\u6b63\u5728\u8fd0\u884c\u7684engien analyzer\u670d\u52a1\u7684\u73af\u5883\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://github.com/anchore/anchore-engine/security/advisories/GHSA-w4rm-w22x-h7m5",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-34630",
  "openTime": "2020-06-24",
  "patchDescription": "Anchore Engine\u662f\u7f8e\u56fdAnchore\u516c\u53f8\u7684\u4e00\u6b3e\u5206\u6790Docker\u6620\u50cf\u5e76\u5e94\u7528\u7528\u6237\u5b9a\u4e49\u7684\u63a5\u53d7\u7b56\u7565\u4ee5\u5141\u8bb8\u81ea\u52a8\u5bb9\u5668\u6620\u50cf\u9a8c\u8bc1\u548c\u8ba4\u8bc1\u7684\u5f00\u6e90\u670d\u52a1\u3002\r\n\r\nAnchore Engine 0.7.0\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u547d\u4ee4\uff0c\u5305\u62ec\u8bbf\u95ee\u6570\u636e\u5e93\u51ed\u8bc1\u53ca\u6b63\u5728\u8fd0\u884c\u7684engien analyzer\u670d\u52a1\u7684\u73af\u5883\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Anchore Engine\u547d\u4ee4\u6267\u884c\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Anchore Engine 0.7.0"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2020-11075",
  "serverity": "\u4e2d",
  "submitTime": "2020-05-28",
  "title": "Anchore Engine\u547d\u4ee4\u6267\u884c\u6f0f\u6d1e"
}

CVE-2020-11075 (GCVE-0-2020-11075)

Vulnerability from cvelistv5 – Published: 2020-05-27 21:20 – Updated: 2024-08-04 11:21

Summary

In Anchore Engine version 0.7.0, a specially crafted container image manifest, fetched from a registry, can be used to trigger a shell escape flaw in the anchore engine analyzer service during an image analysis process. The image analysis operation can only be executed by an authenticated user via a valid API request to anchore engine, or if an already added image that anchore is monitoring has its manifest altered to exploit the same flaw. A successful attack can be used to execute commands that run in the analyzer environment, with the same permissions as the user that anchore engine is run as - including access to the credentials that Engine uses to access its own database which have read-write ability, as well as access to the running engien analyzer service environment. By default Anchore Engine is released and deployed as a container where the user is non-root, but if users run Engine directly or explicitly set the user to 'root' then that level of access may be gained in the execution environment where Engine runs. This issue is fixed in version 0.7.1.

Severity ?

7.7 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N

CWE

CWE-114 - Process Control

Assigner

GitHub_M

References

URL

Tags

	https://github.com/anchore/anchore-engine/securit…	x_refsource_CONFIRM
	https://github.com/anchore/anchore-engine/issues/430	x_refsource_MISC
	https://github.com/anchore/anchore-engine/pull/431	x_refsource_MISC
	https://github.com/anchore/anchore-engine/commit/…	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	anchore	anchore-engine	Affected: = 0.7.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T11:21:14.644Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/anchore/anchore-engine/security/advisories/GHSA-w4rm-w22x-h7m5"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/anchore/anchore-engine/issues/430"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/anchore/anchore-engine/pull/431"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/anchore/anchore-engine/commit/e41786901f097fd32104447a45864073105d37db"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "anchore-engine",
          "vendor": "anchore",
          "versions": [
            {
              "status": "affected",
              "version": "= 0.7.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In Anchore Engine version 0.7.0, a specially crafted container image manifest, fetched from a registry, can be used to trigger a shell escape flaw in the anchore engine analyzer service during an image analysis process. The image analysis operation can only be executed by an authenticated user via a valid API request to anchore engine, or if an already added image that anchore is monitoring has its manifest altered to exploit the same flaw. A successful attack can be used to execute commands that run in the analyzer environment, with the same permissions as the user that anchore engine is run as - including access to the credentials that Engine uses to access its own database which have read-write ability, as well as access to the running engien analyzer service environment. By default Anchore Engine is released and deployed as a container where the user is non-root, but if users run Engine directly or explicitly set the user to \u0027root\u0027 then that level of access may be gained in the execution environment where Engine runs. This issue is fixed in version 0.7.1."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-114",
              "description": "CWE-114: Process Control",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-05-27T21:20:14",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/anchore/anchore-engine/security/advisories/GHSA-w4rm-w22x-h7m5"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/anchore/anchore-engine/issues/430"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/anchore/anchore-engine/pull/431"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/anchore/anchore-engine/commit/e41786901f097fd32104447a45864073105d37db"
        }
      ],
      "source": {
        "advisory": "GHSA-w4rm-w22x-h7m5",
        "discovery": "UNKNOWN"
      },
      "title": "Shell Escape in Anchore Engine",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2020-11075",
          "STATE": "PUBLIC",
          "TITLE": "Shell Escape in Anchore Engine"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "anchore-engine",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "= 0.7.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "anchore"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In Anchore Engine version 0.7.0, a specially crafted container image manifest, fetched from a registry, can be used to trigger a shell escape flaw in the anchore engine analyzer service during an image analysis process. The image analysis operation can only be executed by an authenticated user via a valid API request to anchore engine, or if an already added image that anchore is monitoring has its manifest altered to exploit the same flaw. A successful attack can be used to execute commands that run in the analyzer environment, with the same permissions as the user that anchore engine is run as - including access to the credentials that Engine uses to access its own database which have read-write ability, as well as access to the running engien analyzer service environment. By default Anchore Engine is released and deployed as a container where the user is non-root, but if users run Engine directly or explicitly set the user to \u0027root\u0027 then that level of access may be gained in the execution environment where Engine runs. This issue is fixed in version 0.7.1."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-114: Process Control"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/anchore/anchore-engine/security/advisories/GHSA-w4rm-w22x-h7m5",
              "refsource": "CONFIRM",
              "url": "https://github.com/anchore/anchore-engine/security/advisories/GHSA-w4rm-w22x-h7m5"
            },
            {
              "name": "https://github.com/anchore/anchore-engine/issues/430",
              "refsource": "MISC",
              "url": "https://github.com/anchore/anchore-engine/issues/430"
            },
            {
              "name": "https://github.com/anchore/anchore-engine/pull/431",
              "refsource": "MISC",
              "url": "https://github.com/anchore/anchore-engine/pull/431"
            },
            {
              "name": "https://github.com/anchore/anchore-engine/commit/e41786901f097fd32104447a45864073105d37db",
              "refsource": "MISC",
              "url": "https://github.com/anchore/anchore-engine/commit/e41786901f097fd32104447a45864073105d37db"
            }
          ]
        },
        "source": {
          "advisory": "GHSA-w4rm-w22x-h7m5",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2020-11075",
    "datePublished": "2020-05-27T21:20:14",
    "dateReserved": "2020-03-30T00:00:00",
    "dateUpdated": "2024-08-04T11:21:14.644Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2020-34630

CVE-2020-11075 (GCVE-0-2020-11075)

Tags

Sightings

Nomenclature