cvelistv5 - cve-2016-10533

CVE-2016-10533 (GCVE-0-2016-10533)

Vulnerability from cvelistv5 – Published: 2018-05-31 20:00 – Updated: 2024-09-17 00:35

Summary

express-restify-mongoose is a module to easily create a flexible REST interface for mongoose models. express-restify-mongoose 2.4.2 and earlier and 3.0.X through 3.0.1 allows a malicious user to send a request for `GET /User?distinct=password` and get all the passwords for all the users in the database, despite the field being set to private. This can be used for other private data if the malicious user knew what was set as private for specific routes.

Severity ?

No CVSS data available.

CWE

CWE-200 - Information Disclosure (CWE-200)

Assigner

hackerone

References

URL

Tags

	https://github.com/florianholzapfel/express-resti…	x_refsource_MISC
	https://nodesecurity.io/advisories/92	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	HackerOne	express-restify-mongoose node module	Affected: <= 2.4.2 \|\| >= 3.0.0 <=3.0.1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T03:21:52.171Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/florianholzapfel/express-restify-mongoose/issues/252"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://nodesecurity.io/advisories/92"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "express-restify-mongoose node module",
          "vendor": "HackerOne",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c= 2.4.2 || \u003e= 3.0.0 \u003c=3.0.1"
            }
          ]
        }
      ],
      "datePublic": "2018-04-26T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "express-restify-mongoose is a module to easily create a flexible REST interface for mongoose models. express-restify-mongoose 2.4.2 and earlier and 3.0.X through 3.0.1 allows a malicious user to send a request for `GET /User?distinct=password` and get all the passwords for all the users in the database, despite the field being set to private. This can be used for other private data if the malicious user knew what was set as private for specific routes."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-200",
              "description": "Information Disclosure (CWE-200)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-05-31T19:57:01",
        "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "shortName": "hackerone"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/florianholzapfel/express-restify-mongoose/issues/252"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://nodesecurity.io/advisories/92"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "support@hackerone.com",
          "DATE_PUBLIC": "2018-04-26T00:00:00",
          "ID": "CVE-2016-10533",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "express-restify-mongoose node module",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\u003c= 2.4.2 || \u003e= 3.0.0 \u003c=3.0.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "HackerOne"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "express-restify-mongoose is a module to easily create a flexible REST interface for mongoose models. express-restify-mongoose 2.4.2 and earlier and 3.0.X through 3.0.1 allows a malicious user to send a request for `GET /User?distinct=password` and get all the passwords for all the users in the database, despite the field being set to private. This can be used for other private data if the malicious user knew what was set as private for specific routes."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Information Disclosure (CWE-200)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/florianholzapfel/express-restify-mongoose/issues/252",
              "refsource": "MISC",
              "url": "https://github.com/florianholzapfel/express-restify-mongoose/issues/252"
            },
            {
              "name": "https://nodesecurity.io/advisories/92",
              "refsource": "MISC",
              "url": "https://nodesecurity.io/advisories/92"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
    "assignerShortName": "hackerone",
    "cveId": "CVE-2016-10533",
    "datePublished": "2018-05-31T20:00:00Z",
    "dateReserved": "2017-10-29T00:00:00",
    "dateUpdated": "2024-09-17T00:35:52.804Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:express-restify-mongoose_project:express-restify-mongoose:*:*:*:*:*:node.js:*:*\", \"versionEndIncluding\": \"2.4.2\", \"matchCriteriaId\": \"180B3984-F012-4A58-9A33-DF93C5E0F805\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:express-restify-mongoose_project:express-restify-mongoose:*:*:*:*:*:node.js:*:*\", \"versionStartIncluding\": \"3.0.0\", \"versionEndIncluding\": \"3.0.1\", \"matchCriteriaId\": \"0B2650DA-6D3C-4C9B-ACDA-847653549554\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"express-restify-mongoose is a module to easily create a flexible REST interface for mongoose models. express-restify-mongoose 2.4.2 and earlier and 3.0.X through 3.0.1 allows a malicious user to send a request for `GET /User?distinct=password` and get all the passwords for all the users in the database, despite the field being set to private. This can be used for other private data if the malicious user knew what was set as private for specific routes.\"}, {\"lang\": \"es\", \"value\": \"express-restify-mongoose es un modulo para crear f\\u00e1cilmente una interfaz REST flexible para modelos mongoose. express-restify-mongoose en versiones 2.4.2 y anteriores y versiones 3.0.X hasta la 3.0.1 permite que un usuario malicioso env\\u00ede una petici\\u00f3n para \\\"GET /User?distinct=password\\\" y obtenga todas las contrase\\u00f1as de todos los usuarios de la base de datos, aunque el campo est\\u00e9 marcado como privado. Esto puede emplearse para otro tipo de datos privados si el usuario malicioso sabe qu\\u00e9 se marca como privado en rutas espec\\u00edficas.\"}]",
      "id": "CVE-2016-10533",
      "lastModified": "2024-11-21T02:44:12.980",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:S/C:P/I:N/A:N\", \"baseScore\": 4.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2018-05-31T20:29:01.110",
      "references": "[{\"url\": \"https://github.com/florianholzapfel/express-restify-mongoose/issues/252\", \"source\": \"support@hackerone.com\", \"tags\": [\"Issue Tracking\", \"Third Party Advisory\"]}, {\"url\": \"https://nodesecurity.io/advisories/92\", \"source\": \"support@hackerone.com\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/florianholzapfel/express-restify-mongoose/issues/252\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Third Party Advisory\"]}, {\"url\": \"https://nodesecurity.io/advisories/92\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}]",
      "sourceIdentifier": "support@hackerone.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"support@hackerone.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-200\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-200\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2016-10533\",\"sourceIdentifier\":\"support@hackerone.com\",\"published\":\"2018-05-31T20:29:01.110\",\"lastModified\":\"2024-11-21T02:44:12.980\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"express-restify-mongoose is a module to easily create a flexible REST interface for mongoose models. express-restify-mongoose 2.4.2 and earlier and 3.0.X through 3.0.1 allows a malicious user to send a request for `GET /User?distinct=password` and get all the passwords for all the users in the database, despite the field being set to private. This can be used for other private data if the malicious user knew what was set as private for specific routes.\"},{\"lang\":\"es\",\"value\":\"express-restify-mongoose es un modulo para crear f\u00e1cilmente una interfaz REST flexible para modelos mongoose. express-restify-mongoose en versiones 2.4.2 y anteriores y versiones 3.0.X hasta la 3.0.1 permite que un usuario malicioso env\u00ede una petici\u00f3n para \\\"GET /User?distinct=password\\\" y obtenga todas las contrase\u00f1as de todos los usuarios de la base de datos, aunque el campo est\u00e9 marcado como privado. Esto puede emplearse para otro tipo de datos privados si el usuario malicioso sabe qu\u00e9 se marca como privado en rutas espec\u00edficas.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:P/I:N/A:N\",\"baseScore\":4.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"support@hackerone.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-200\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-200\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:express-restify-mongoose_project:express-restify-mongoose:*:*:*:*:*:node.js:*:*\",\"versionEndIncluding\":\"2.4.2\",\"matchCriteriaId\":\"180B3984-F012-4A58-9A33-DF93C5E0F805\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:express-restify-mongoose_project:express-restify-mongoose:*:*:*:*:*:node.js:*:*\",\"versionStartIncluding\":\"3.0.0\",\"versionEndIncluding\":\"3.0.1\",\"matchCriteriaId\":\"0B2650DA-6D3C-4C9B-ACDA-847653549554\"}]}]}],\"references\":[{\"url\":\"https://github.com/florianholzapfel/express-restify-mongoose/issues/252\",\"source\":\"support@hackerone.com\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://nodesecurity.io/advisories/92\",\"source\":\"support@hackerone.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/florianholzapfel/express-restify-mongoose/issues/252\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://nodesecurity.io/advisories/92\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]}]}}"
  }
}

CNVD-2018-11276

Vulnerability from cnvd - Published: 2018-06-12

Title

express-restify-mongoose信息泄露漏洞

Description

express-restify-mongoose是一款为Mongoose Model创建界面的工具。 express-restify-mongoose 2.4.2及之前版本和3.0.X版本至3.0.1版本中存在安全漏洞。攻击者可通过发送请求利用该漏洞获取数据库中所有用户的密码。

Severity

中

Patch Name

express-restify-mongoose信息泄露漏洞的补丁

Patch Description

express-restify-mongoose是一款为Mongoose Model创建界面的工具。 express-restify-mongoose 2.4.2及之前版本和3.0.X版本至3.0.1版本中存在安全漏洞。攻击者可通过发送请求利用该漏洞获取数据库中所有用户的密码。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://github.com/florianholzapfel/express-restify-mongoose/issues/252

Reference

https://github.com/florianholzapfel/express-restify-mongoose/issues/252

Impacted products

Name
['express-restify-mongoose express-restify-mongoose <=2.4.2', 'express-restify-mongoose express-restify-mongoose 3.0.*，<=3.0.1']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-10533"
    }
  },
  "description": "express-restify-mongoose\u662f\u4e00\u6b3e\u4e3aMongoose Model\u521b\u5efa\u754c\u9762\u7684\u5de5\u5177\u3002\r\n\r\nexpress-restify-mongoose 2.4.2\u53ca\u4e4b\u524d\u7248\u672c\u548c3.0.X\u7248\u672c\u81f33.0.1\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u53d1\u9001\u8bf7\u6c42\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u6570\u636e\u5e93\u4e2d\u6240\u6709\u7528\u6237\u7684\u5bc6\u7801\u3002",
  "discovererName": "Stefan Mirea",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://github.com/florianholzapfel/express-restify-mongoose/issues/252",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-11276",
  "openTime": "2018-06-12",
  "patchDescription": "express-restify-mongoose\u662f\u4e00\u6b3e\u4e3aMongoose Model\u521b\u5efa\u754c\u9762\u7684\u5de5\u5177\u3002\r\n\r\nexpress-restify-mongoose 2.4.2\u53ca\u4e4b\u524d\u7248\u672c\u548c3.0.X\u7248\u672c\u81f33.0.1\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u53d1\u9001\u8bf7\u6c42\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u6570\u636e\u5e93\u4e2d\u6240\u6709\u7528\u6237\u7684\u5bc6\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "express-restify-mongoose\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "express-restify-mongoose express-restify-mongoose \u003c=2.4.2",
      "express-restify-mongoose express-restify-mongoose 3.0.*\uff0c\u003c=3.0.1"
    ]
  },
  "referenceLink": "https://github.com/florianholzapfel/express-restify-mongoose/issues/252",
  "serverity": "\u4e2d",
  "submitTime": "2018-06-04",
  "title": "express-restify-mongoose\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e"
}

GHSA-CGJX-MWPX-47JV

Vulnerability from github – Published: 2018-10-23 17:14 – Updated: 2020-08-31 18:10

Summary

Private Data Disclosure in express-restify-mongoose

Details

Affected versions of express-restify-mongoose are susceptible to an information leakage vulnerability which may allow an attacker to access fields on a model even if those fields are marked as private.

Proof of Concept

If you have a user model that you want to protect, such as the following User model:

const User = mongoose.model('User', new mongoose.Schema({
    name: String,
    password: String,
}));

You would normally do something such as:

restify.serve(router, User, {
    private: ['password'], // Set the password part of User as private, so outside people can't read it
})

This would hide the password field from people that send your application a GET /User and GET /User/some-user-id request.

A malicious user can go to your application and send a request for GET /User?distinct=password and get all the passwords for all the users in the database, despite the field being set to private. This could be used for other private data, if the malicious user knew what was set as private for specific routes.

Recommendation

Version 2.x: Update to version 2.5.0 or later. Version 3.x: Update to version 3.1.0 or later.

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 3.0.1"
      },
      "package": {
        "ecosystem": "npm",
        "name": "express-restify-mongoose"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.0.0"
            },
            {
              "fixed": "3.1.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 2.4.2"
      },
      "package": {
        "ecosystem": "npm",
        "name": "express-restify-mongoose"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.5.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2016-10533"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2020-06-16T21:31:33Z",
    "nvd_published_at": null,
    "severity": "HIGH"
  },
  "details": "Affected versions of `express-restify-mongoose` are susceptible to an information leakage vulnerability which may allow an attacker to access fields on a model even if those fields are marked as private.\n\n\n## Proof of Concept\n\nIf you have a user model that you want to protect, such as the following User model:\n```\nconst User = mongoose.model(\u0027User\u0027, new mongoose.Schema({\n    name: String,\n    password: String,\n}));\n```\n\nYou would normally do something such as:\n```\nrestify.serve(router, User, {\n    private: [\u0027password\u0027], // Set the password part of User as private, so outside people can\u0027t read it\n})\n```\n\nThis would hide the password field from people that send your application a `GET /User` and `GET /User/some-user-id` request. \n\nA malicious user can go to your application and send a request for `GET /User?distinct=password` and get all the passwords for all the users in the database, despite the field being set to private. This could be used for other private data, if the malicious user knew what was set as private for specific routes.\n\n\n## Recommendation\n\nVersion 2.x: Update to version 2.5.0 or later.\nVersion 3.x: Update to version 3.1.0 or later.",
  "id": "GHSA-cgjx-mwpx-47jv",
  "modified": "2020-08-31T18:10:32Z",
  "published": "2018-10-23T17:14:57Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-10533"
    },
    {
      "type": "WEB",
      "url": "https://github.com/florianholzapfel/express-restify-mongoose/issues/252"
    },
    {
      "type": "WEB",
      "url": "https://github.com/florianholzapfel/express-restify-mongoose/pull/253"
    },
    {
      "type": "WEB",
      "url": "https://github.com/florianholzapfel/express-restify-mongoose/commit/23ccb247d0074bfaca6737cdff52d89c6d6e4a7c"
    },
    {
      "type": "WEB",
      "url": "https://github.com/florianholzapfel/express-restify-mongoose/commit/746defcd808e2ed1e8931dc36702b25b7db0e94b"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/advisories/GHSA-cgjx-mwpx-47jv"
    },
    {
      "type": "WEB",
      "url": "https://www.npmjs.com/advisories/92"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [],
  "summary": "Private Data Disclosure in express-restify-mongoose"
}

GSD-2016-10533

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2016-10533

Aliases

CVE-2016-10533

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2016-10533",
    "description": "express-restify-mongoose is a module to easily create a flexible REST interface for mongoose models. express-restify-mongoose 2.4.2 and earlier and 3.0.X through 3.0.1 allows a malicious user to send a request for `GET /User?distinct=password` and get all the passwords for all the users in the database, despite the field being set to private. This can be used for other private data if the malicious user knew what was set as private for specific routes.",
    "id": "GSD-2016-10533"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2016-10533"
      ],
      "details": "express-restify-mongoose is a module to easily create a flexible REST interface for mongoose models. express-restify-mongoose 2.4.2 and earlier and 3.0.X through 3.0.1 allows a malicious user to send a request for `GET /User?distinct=password` and get all the passwords for all the users in the database, despite the field being set to private. This can be used for other private data if the malicious user knew what was set as private for specific routes.",
      "id": "GSD-2016-10533",
      "modified": "2023-12-13T01:21:27.114633Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "support@hackerone.com",
        "DATE_PUBLIC": "2018-04-26T00:00:00",
        "ID": "CVE-2016-10533",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "express-restify-mongoose node module",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "\u003c= 2.4.2 || \u003e= 3.0.0 \u003c=3.0.1"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "HackerOne"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "express-restify-mongoose is a module to easily create a flexible REST interface for mongoose models. express-restify-mongoose 2.4.2 and earlier and 3.0.X through 3.0.1 allows a malicious user to send a request for `GET /User?distinct=password` and get all the passwords for all the users in the database, despite the field being set to private. This can be used for other private data if the malicious user knew what was set as private for specific routes."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Information Disclosure (CWE-200)"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://github.com/florianholzapfel/express-restify-mongoose/issues/252",
            "refsource": "MISC",
            "url": "https://github.com/florianholzapfel/express-restify-mongoose/issues/252"
          },
          {
            "name": "https://nodesecurity.io/advisories/92",
            "refsource": "MISC",
            "url": "https://nodesecurity.io/advisories/92"
          }
        ]
      }
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "\u003c=2.4.2||\u003e=3.0.0 \u003c=3.0.1",
          "affected_versions": "All versions up to 2.4.2, all versions starting from 3.0.0 up to 3.0.1",
          "cvss_v2": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "cvss_v3": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "cwe_ids": [
            "CWE-1035",
            "CWE-200",
            "CWE-937"
          ],
          "date": "2021-01-08",
          "description": "express-restify-mongoose is a module to easily create a flexible REST interface for mongoose models. express-restify-mongoose 2.4.2 and earlier and 3.0.X through 3.0.1 allows a malicious user to send a request for `GET /User?distinct=password` and get all the passwords for all the users in the database, despite the field being set to private. This can be used for other private data if the malicious user knew what was set as private for specific routes.",
          "fixed_versions": [
            "2.5.0",
            "3.1.0"
          ],
          "identifier": "CVE-2016-10533",
          "identifiers": [
            "GHSA-cgjx-mwpx-47jv",
            "CVE-2016-10533"
          ],
          "not_impacted": "All versions after 2.4.2 before 3.0.0, all versions after 3.0.1",
          "package_slug": "npm/express-restify-mongoose",
          "pubdate": "2018-10-23",
          "solution": "Upgrade to versions 2.5.0, 3.1.0 or above.",
          "title": "Exposure of Sensitive Information to an Unauthorized Actor",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2016-10533",
            "https://github.com/florianholzapfel/express-restify-mongoose/issues/252",
            "https://github.com/advisories/GHSA-cgjx-mwpx-47jv",
            "https://www.npmjs.com/advisories/92",
            "https://nodesecurity.io/advisories/92"
          ],
          "uuid": "fd0124e9-1e53-432c-9b33-1d87463a8b8c"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:express-restify-mongoose_project:express-restify-mongoose:*:*:*:*:*:node.js:*:*",
                "cpe_name": [],
                "versionEndIncluding": "2.4.2",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:express-restify-mongoose_project:express-restify-mongoose:*:*:*:*:*:node.js:*:*",
                "cpe_name": [],
                "versionEndIncluding": "3.0.1",
                "versionStartIncluding": "3.0.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve-assignments@hackerone.com",
          "ID": "CVE-2016-10533"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "express-restify-mongoose is a module to easily create a flexible REST interface for mongoose models. express-restify-mongoose 2.4.2 and earlier and 3.0.X through 3.0.1 allows a malicious user to send a request for `GET /User?distinct=password` and get all the passwords for all the users in the database, despite the field being set to private. This can be used for other private data if the malicious user knew what was set as private for specific routes."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-200"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://nodesecurity.io/advisories/92",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Third Party Advisory"
              ],
              "url": "https://nodesecurity.io/advisories/92"
            },
            {
              "name": "https://github.com/florianholzapfel/express-restify-mongoose/issues/252",
              "refsource": "MISC",
              "tags": [
                "Issue Tracking",
                "Third Party Advisory"
              ],
              "url": "https://github.com/florianholzapfel/express-restify-mongoose/issues/252"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2019-10-09T23:16Z",
      "publishedDate": "2018-05-31T20:29Z"
    }
  }
}

FKIE_CVE-2016-10533

Vulnerability from fkie_nvd - Published: 2018-05-31 20:29 - Updated: 2024-11-21 02:44

Severity ?

8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
support@hackerone.com	https://github.com/florianholzapfel/express-restify-mongoose/issues/252	Issue Tracking, Third Party Advisory
support@hackerone.com	https://nodesecurity.io/advisories/92	Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/florianholzapfel/express-restify-mongoose/issues/252	Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://nodesecurity.io/advisories/92	Exploit, Third Party Advisory

Impacted products

	Vendor	Product	Version
	express-restify-mongoose_project	express-restify-mongoose	*
	express-restify-mongoose_project	express-restify-mongoose	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:express-restify-mongoose_project:express-restify-mongoose:*:*:*:*:*:node.js:*:*",
              "matchCriteriaId": "180B3984-F012-4A58-9A33-DF93C5E0F805",
              "versionEndIncluding": "2.4.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:express-restify-mongoose_project:express-restify-mongoose:*:*:*:*:*:node.js:*:*",
              "matchCriteriaId": "0B2650DA-6D3C-4C9B-ACDA-847653549554",
              "versionEndIncluding": "3.0.1",
              "versionStartIncluding": "3.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "express-restify-mongoose is a module to easily create a flexible REST interface for mongoose models. express-restify-mongoose 2.4.2 and earlier and 3.0.X through 3.0.1 allows a malicious user to send a request for `GET /User?distinct=password` and get all the passwords for all the users in the database, despite the field being set to private. This can be used for other private data if the malicious user knew what was set as private for specific routes."
    },
    {
      "lang": "es",
      "value": "express-restify-mongoose es un modulo para crear f\u00e1cilmente una interfaz REST flexible para modelos mongoose. express-restify-mongoose en versiones 2.4.2 y anteriores y versiones 3.0.X hasta la 3.0.1 permite que un usuario malicioso env\u00ede una petici\u00f3n para \"GET /User?distinct=password\" y obtenga todas las contrase\u00f1as de todos los usuarios de la base de datos, aunque el campo est\u00e9 marcado como privado. Esto puede emplearse para otro tipo de datos privados si el usuario malicioso sabe qu\u00e9 se marca como privado en rutas espec\u00edficas."
    }
  ],
  "id": "CVE-2016-10533",
  "lastModified": "2024-11-21T02:44:12.980",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-05-31T20:29:01.110",
  "references": [
    {
      "source": "support@hackerone.com",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://github.com/florianholzapfel/express-restify-mongoose/issues/252"
    },
    {
      "source": "support@hackerone.com",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://nodesecurity.io/advisories/92"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://github.com/florianholzapfel/express-restify-mongoose/issues/252"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://nodesecurity.io/advisories/92"
    }
  ],
  "sourceIdentifier": "support@hackerone.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "support@hackerone.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2016-10533 (GCVE-0-2016-10533)

CNVD-2018-11276

GHSA-CGJX-MWPX-47JV

Proof of Concept

Recommendation

GSD-2016-10533

FKIE_CVE-2016-10533

Tags

Sightings

Nomenclature