Vulnerability-Lookup

CVE-2020-15224 (GCVE-0-2020-15224)

Vulnerability from cvelistv5 – Published: 2020-10-14 18:35 – Updated: 2024-08-04 13:08

Title

Socket syscalls can leak enclave memory contents in Open Enclave

Summary

In Open Enclave before version 0.12.0, an information disclosure vulnerability exists when an enclave application using the syscalls provided by the sockets.edl is loaded by a malicious host application. An attacker who successfully exploited the vulnerability could read privileged data from the enclave heap across trust boundaries. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an attacker to elevate user rights directly, but it could be used to obtain information otherwise considered confidential in an enclave, which could be used in further compromises. The issue has been addressed in version 0.12.0 and the current master branch. Users will need to to recompile their applications against the patched libraries to be protected from this vulnerability.

Severity

6.8 (Medium)


                        
                          CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

CWE

CWE-552 - Files or Directories Accessible to External Parties

Assigner

GitHub_M

References

3 references

URL	Tags
https://github.com/openenclave/openenclave/securi…	x_refsource_CONFIRM
https://github.com/openenclave/openenclave/blob/m…	x_refsource_MISC
https://github.com/openenclave/openenclave/commit…	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
openenclave	openenclave	Affected: < 0.12.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T13:08:22.881Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/openenclave/openenclave/security/advisories/GHSA-525h-wxcc-f66m"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/openenclave/openenclave/blob/master/CHANGELOG.md#v0120"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/openenclave/openenclave/commit/bcac8e7acb514429fee9e0b5d0c7a0308fd4d76b"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "openenclave",
          "vendor": "openenclave",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 0.12.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In Open Enclave before version 0.12.0, an information disclosure vulnerability exists when an enclave application using the syscalls provided by the sockets.edl is loaded by a malicious host application. An attacker who successfully exploited the vulnerability could read privileged data from the enclave heap across trust boundaries. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an attacker to elevate user rights directly, but it could be used to obtain information otherwise considered confidential in an enclave, which could be used in further compromises. The issue has been addressed in version 0.12.0 and the current master branch. Users will need to to recompile their applications against the patched libraries to be protected from this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-552",
              "description": "CWE-552 Files or Directories Accessible to External Parties",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-10-14T18:35:16.000Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/openenclave/openenclave/security/advisories/GHSA-525h-wxcc-f66m"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/openenclave/openenclave/blob/master/CHANGELOG.md#v0120"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/openenclave/openenclave/commit/bcac8e7acb514429fee9e0b5d0c7a0308fd4d76b"
        }
      ],
      "source": {
        "advisory": "GHSA-525h-wxcc-f66m",
        "discovery": "UNKNOWN"
      },
      "title": "Socket syscalls can leak enclave memory contents in Open Enclave",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2020-15224",
          "STATE": "PUBLIC",
          "TITLE": "Socket syscalls can leak enclave memory contents in Open Enclave"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "openenclave",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\u003c 0.12.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "openenclave"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In Open Enclave before version 0.12.0, an information disclosure vulnerability exists when an enclave application using the syscalls provided by the sockets.edl is loaded by a malicious host application. An attacker who successfully exploited the vulnerability could read privileged data from the enclave heap across trust boundaries. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an attacker to elevate user rights directly, but it could be used to obtain information otherwise considered confidential in an enclave, which could be used in further compromises. The issue has been addressed in version 0.12.0 and the current master branch. Users will need to to recompile their applications against the patched libraries to be protected from this vulnerability."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-552 Files or Directories Accessible to External Parties"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/openenclave/openenclave/security/advisories/GHSA-525h-wxcc-f66m",
              "refsource": "CONFIRM",
              "url": "https://github.com/openenclave/openenclave/security/advisories/GHSA-525h-wxcc-f66m"
            },
            {
              "name": "https://github.com/openenclave/openenclave/blob/master/CHANGELOG.md#v0120",
              "refsource": "MISC",
              "url": "https://github.com/openenclave/openenclave/blob/master/CHANGELOG.md#v0120"
            },
            {
              "name": "https://github.com/openenclave/openenclave/commit/bcac8e7acb514429fee9e0b5d0c7a0308fd4d76b",
              "refsource": "MISC",
              "url": "https://github.com/openenclave/openenclave/commit/bcac8e7acb514429fee9e0b5d0c7a0308fd4d76b"
            }
          ]
        },
        "source": {
          "advisory": "GHSA-525h-wxcc-f66m",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2020-15224",
    "datePublished": "2020-10-14T18:35:17.000Z",
    "dateReserved": "2020-06-25T00:00:00.000Z",
    "dateUpdated": "2024-08-04T13:08:22.881Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2020-15224",
      "date": "2026-05-27",
      "epss": "0.00102",
      "percentile": "0.27595"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openenclave:openenclave:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"0.12.0\", \"matchCriteriaId\": \"99DFEB28-6E1E-4073-9AFF-F09D44D22F7E\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"In Open Enclave before version 0.12.0, an information disclosure vulnerability exists when an enclave application using the syscalls provided by the sockets.edl is loaded by a malicious host application. An attacker who successfully exploited the vulnerability could read privileged data from the enclave heap across trust boundaries. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an attacker to elevate user rights directly, but it could be used to obtain information otherwise considered confidential in an enclave, which could be used in further compromises. The issue has been addressed in version 0.12.0 and the current master branch. Users will need to to recompile their applications against the patched libraries to be protected from this vulnerability.\"}, {\"lang\": \"es\", \"value\": \"En Open Enclave versiones anteriores a 0.12.0, se presenta una vulnerabilidad de divulgaci\\u00f3n de informaci\\u00f3n cuando una aplicaci\\u00f3n enclave que usa las llamadas al sistema proporcionadas por el archivo sockets.edl es cargada por una aplicaci\\u00f3n de host maliciosa.\u0026#xa0;Un atacante que explote con \\u00e9xito la vulnerabilidad podr\\u00eda leer datos privilegiados de la pila de enclave a trav\\u00e9s de l\\u00edmites confiables.\u0026#xa0;Para explotar esta vulnerabilidad, un atacante tendr\\u00eda que iniciar sesi\\u00f3n en un sistema afectado y ejecutar una aplicaci\\u00f3n especialmente dise\\u00f1ada.\u0026#xa0;La vulnerabilidad no permitir\\u00eda a un atacante elevar los derechos de usuarios directamente, pero podr\\u00eda ser usada para obtener informaci\\u00f3n que de otro modo se considerar\\u00eda confidencial en un enclave, que podr\\u00eda usarse en compromisos adicionales.\u0026#xa0;El problema ha sido abordado en la versi\\u00f3n 0.12.0 y en la rama maestra actual. Los usuarios deber\\u00e1n volver a compilar sus aplicaciones con las bibliotecas parcheadas para estar protegidos de esta vulnerabilidad\"}]",
      "id": "CVE-2020-15224",
      "lastModified": "2024-11-21T05:05:07.740",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"security-advisories@github.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N\", \"baseScore\": 6.8, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"ADJACENT_NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.3, \"impactScore\": 4.0}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N\", \"baseScore\": 6.8, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"ADJACENT_NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.3, \"impactScore\": 4.0}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:A/AC:L/Au:S/C:P/I:N/A:N\", \"baseScore\": 2.7, \"accessVector\": \"ADJACENT_NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"LOW\", \"exploitabilityScore\": 5.1, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2020-10-14T19:15:13.633",
      "references": "[{\"url\": \"https://github.com/openenclave/openenclave/blob/master/CHANGELOG.md#v0120\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Release Notes\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/openenclave/openenclave/commit/bcac8e7acb514429fee9e0b5d0c7a0308fd4d76b\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/openenclave/openenclave/security/advisories/GHSA-525h-wxcc-f66m\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://github.com/openenclave/openenclave/blob/master/CHANGELOG.md#v0120\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/openenclave/openenclave/commit/bcac8e7acb514429fee9e0b5d0c7a0308fd4d76b\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/openenclave/openenclave/security/advisories/GHSA-525h-wxcc-f66m\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
      "sourceIdentifier": "security-advisories@github.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"security-advisories@github.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-552\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2020-15224\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2020-10-14T19:15:13.633\",\"lastModified\":\"2024-11-21T05:05:07.740\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In Open Enclave before version 0.12.0, an information disclosure vulnerability exists when an enclave application using the syscalls provided by the sockets.edl is loaded by a malicious host application. An attacker who successfully exploited the vulnerability could read privileged data from the enclave heap across trust boundaries. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an attacker to elevate user rights directly, but it could be used to obtain information otherwise considered confidential in an enclave, which could be used in further compromises. The issue has been addressed in version 0.12.0 and the current master branch. Users will need to to recompile their applications against the patched libraries to be protected from this vulnerability.\"},{\"lang\":\"es\",\"value\":\"En Open Enclave versiones anteriores a 0.12.0, se presenta una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n cuando una aplicaci\u00f3n enclave que usa las llamadas al sistema proporcionadas por el archivo sockets.edl es cargada por una aplicaci\u00f3n de host maliciosa.\u0026#xa0;Un atacante que explote con \u00e9xito la vulnerabilidad podr\u00eda leer datos privilegiados de la pila de enclave a trav\u00e9s de l\u00edmites confiables.\u0026#xa0;Para explotar esta vulnerabilidad, un atacante tendr\u00eda que iniciar sesi\u00f3n en un sistema afectado y ejecutar una aplicaci\u00f3n especialmente dise\u00f1ada.\u0026#xa0;La vulnerabilidad no permitir\u00eda a un atacante elevar los derechos de usuarios directamente, pero podr\u00eda ser usada para obtener informaci\u00f3n que de otro modo se considerar\u00eda confidencial en un enclave, que podr\u00eda usarse en compromisos adicionales.\u0026#xa0;El problema ha sido abordado en la versi\u00f3n 0.12.0 y en la rama maestra actual. Los usuarios deber\u00e1n volver a compilar sus aplicaciones con las bibliotecas parcheadas para estar protegidos de esta vulnerabilidad\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N\",\"baseScore\":6.8,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"ADJACENT_NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.3,\"impactScore\":4.0},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N\",\"baseScore\":6.8,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"ADJACENT_NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.3,\"impactScore\":4.0}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:A/AC:L/Au:S/C:P/I:N/A:N\",\"baseScore\":2.7,\"accessVector\":\"ADJACENT_NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":5.1,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-552\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openenclave:openenclave:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"0.12.0\",\"matchCriteriaId\":\"99DFEB28-6E1E-4073-9AFF-F09D44D22F7E\"}]}]}],\"references\":[{\"url\":\"https://github.com/openenclave/openenclave/blob/master/CHANGELOG.md#v0120\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Release Notes\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/openenclave/openenclave/commit/bcac8e7acb514429fee9e0b5d0c7a0308fd4d76b\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/openenclave/openenclave/security/advisories/GHSA-525h-wxcc-f66m\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/openenclave/openenclave/blob/master/CHANGELOG.md#v0120\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/openenclave/openenclave/commit/bcac8e7acb514429fee9e0b5d0c7a0308fd4d76b\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/openenclave/openenclave/security/advisories/GHSA-525h-wxcc-f66m\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
  }
}

CNVD-2020-64264

Vulnerability from cnvd - Published: 2020-11-18

Title

Microsoft Open Enclave SDK信息泄露漏洞（CNVD-2020-64264）

Description

Microsoft Open Enclave SDK是美国微软（Microsoft）公司的一款用于在C和C ++中构建安全区应用程序的SDK（软件开发工具包）。 Open Enclave 0.12.0之前版本存在安全漏洞，该漏洞源于当Enclave应用程序使用套接字提供的系统调用时，会存在信息泄露漏洞。攻击者可利用该漏洞可以跨越信任边界从enclave堆读取特权数据。

Severity

低

Patch Name

Microsoft Open Enclave SDK信息泄露漏洞（CNVD-2020-64264）的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://github.com/openenclave/openenclave/blob/master/CHANGELOG.md#v0120

Reference

https://nvd.nist.gov/vuln/detail/CVE-2020-15224

Impacted products

Name
Microsoft Microsoft Open Enclave SDK <0.12.0

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-15224",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2020-15224"
    }
  },
  "description": "Microsoft Open Enclave SDK\u662f\u7f8e\u56fd\u5fae\u8f6f\uff08Microsoft\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u7528\u4e8e\u5728C\u548cC ++\u4e2d\u6784\u5efa\u5b89\u5168\u533a\u5e94\u7528\u7a0b\u5e8f\u7684SDK\uff08\u8f6f\u4ef6\u5f00\u53d1\u5de5\u5177\u5305\uff09\u3002\n\nOpen Enclave 0.12.0\u4e4b\u524d\u7248\u672c\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5f53Enclave\u5e94\u7528\u7a0b\u5e8f\u4f7f\u7528\u5957\u63a5\u5b57\u63d0\u4f9b\u7684\u7cfb\u7edf\u8c03\u7528\u65f6\uff0c\u4f1a\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u53ef\u4ee5\u8de8\u8d8a\u4fe1\u4efb\u8fb9\u754c\u4eceenclave\u5806\u8bfb\u53d6\u7279\u6743\u6570\u636e\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://github.com/openenclave/openenclave/blob/master/CHANGELOG.md#v0120",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-64264",
  "openTime": "2020-11-18",
  "patchDescription": "Microsoft Open Enclave SDK\u662f\u7f8e\u56fd\u5fae\u8f6f\uff08Microsoft\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u7528\u4e8e\u5728C\u548cC ++\u4e2d\u6784\u5efa\u5b89\u5168\u533a\u5e94\u7528\u7a0b\u5e8f\u7684SDK\uff08\u8f6f\u4ef6\u5f00\u53d1\u5de5\u5177\u5305\uff09\u3002\r\n\r\nOpen Enclave 0.12.0\u4e4b\u524d\u7248\u672c\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5f53Enclave\u5e94\u7528\u7a0b\u5e8f\u4f7f\u7528\u5957\u63a5\u5b57\u63d0\u4f9b\u7684\u7cfb\u7edf\u8c03\u7528\u65f6\uff0c\u4f1a\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u53ef\u4ee5\u8de8\u8d8a\u4fe1\u4efb\u8fb9\u754c\u4eceenclave\u5806\u8bfb\u53d6\u7279\u6743\u6570\u636e\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Microsoft Open Enclave SDK\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff08CNVD-2020-64264\uff09\u7684\u8865\u4e01",
  "products": {
    "product": "Microsoft Microsoft Open Enclave SDK \u003c0.12.0"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2020-15224",
  "serverity": "\u4f4e",
  "submitTime": "2020-10-21",
  "title": "Microsoft Open Enclave SDK\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff08CNVD-2020-64264\uff09"
}

FKIE_CVE-2020-15224

Vulnerability from fkie_nvd - Published: 2020-10-14 19:15 - Updated: 2024-11-21 05:05

Severity

6.8 (Medium) - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
6.8 (Medium) - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Summary

References

URL	Tags
security-advisories@github.com	https://github.com/openenclave/openenclave/blob/master/CHANGELOG.md#v0120	Release Notes, Third Party Advisory
security-advisories@github.com	https://github.com/openenclave/openenclave/commit/bcac8e7acb514429fee9e0b5d0c7a0308fd4d76b	Patch, Third Party Advisory
security-advisories@github.com	https://github.com/openenclave/openenclave/security/advisories/GHSA-525h-wxcc-f66m	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/openenclave/openenclave/blob/master/CHANGELOG.md#v0120	Release Notes, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/openenclave/openenclave/commit/bcac8e7acb514429fee9e0b5d0c7a0308fd4d76b	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/openenclave/openenclave/security/advisories/GHSA-525h-wxcc-f66m	Third Party Advisory

Impacted products

	Vendor	Product	Version
	openenclave	openenclave	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:openenclave:openenclave:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "99DFEB28-6E1E-4073-9AFF-F09D44D22F7E",
              "versionEndExcluding": "0.12.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In Open Enclave before version 0.12.0, an information disclosure vulnerability exists when an enclave application using the syscalls provided by the sockets.edl is loaded by a malicious host application. An attacker who successfully exploited the vulnerability could read privileged data from the enclave heap across trust boundaries. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an attacker to elevate user rights directly, but it could be used to obtain information otherwise considered confidential in an enclave, which could be used in further compromises. The issue has been addressed in version 0.12.0 and the current master branch. Users will need to to recompile their applications against the patched libraries to be protected from this vulnerability."
    },
    {
      "lang": "es",
      "value": "En Open Enclave versiones anteriores a 0.12.0, se presenta una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n cuando una aplicaci\u00f3n enclave que usa las llamadas al sistema proporcionadas por el archivo sockets.edl es cargada por una aplicaci\u00f3n de host maliciosa.\u0026#xa0;Un atacante que explote con \u00e9xito la vulnerabilidad podr\u00eda leer datos privilegiados de la pila de enclave a trav\u00e9s de l\u00edmites confiables.\u0026#xa0;Para explotar esta vulnerabilidad, un atacante tendr\u00eda que iniciar sesi\u00f3n en un sistema afectado y ejecutar una aplicaci\u00f3n especialmente dise\u00f1ada.\u0026#xa0;La vulnerabilidad no permitir\u00eda a un atacante elevar los derechos de usuarios directamente, pero podr\u00eda ser usada para obtener informaci\u00f3n que de otro modo se considerar\u00eda confidencial en un enclave, que podr\u00eda usarse en compromisos adicionales.\u0026#xa0;El problema ha sido abordado en la versi\u00f3n 0.12.0 y en la rama maestra actual. Los usuarios deber\u00e1n volver a compilar sus aplicaciones con las bibliotecas parcheadas para estar protegidos de esta vulnerabilidad"
    }
  ],
  "id": "CVE-2020-15224",
  "lastModified": "2024-11-21T05:05:07.740",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "ADJACENT_NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 2.7,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:A/AC:L/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 5.1,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 4.0,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 4.0,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-10-14T19:15:13.633",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Release Notes",
        "Third Party Advisory"
      ],
      "url": "https://github.com/openenclave/openenclave/blob/master/CHANGELOG.md#v0120"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/openenclave/openenclave/commit/bcac8e7acb514429fee9e0b5d0c7a0308fd4d76b"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/openenclave/openenclave/security/advisories/GHSA-525h-wxcc-f66m"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Third Party Advisory"
      ],
      "url": "https://github.com/openenclave/openenclave/blob/master/CHANGELOG.md#v0120"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/openenclave/openenclave/commit/bcac8e7acb514429fee9e0b5d0c7a0308fd4d76b"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/openenclave/openenclave/security/advisories/GHSA-525h-wxcc-f66m"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-552"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2020-15224

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2020-15224

Aliases

CVE-2020-15224

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2020-15224",
    "description": "In Open Enclave before version 0.12.0, an information disclosure vulnerability exists when an enclave application using the syscalls provided by the sockets.edl is loaded by a malicious host application. An attacker who successfully exploited the vulnerability could read privileged data from the enclave heap across trust boundaries. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an attacker to elevate user rights directly, but it could be used to obtain information otherwise considered confidential in an enclave, which could be used in further compromises. The issue has been addressed in version 0.12.0 and the current master branch. Users will need to to recompile their applications against the patched libraries to be protected from this vulnerability.",
    "id": "GSD-2020-15224"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2020-15224"
      ],
      "details": "In Open Enclave before version 0.12.0, an information disclosure vulnerability exists when an enclave application using the syscalls provided by the sockets.edl is loaded by a malicious host application. An attacker who successfully exploited the vulnerability could read privileged data from the enclave heap across trust boundaries. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an attacker to elevate user rights directly, but it could be used to obtain information otherwise considered confidential in an enclave, which could be used in further compromises. The issue has been addressed in version 0.12.0 and the current master branch. Users will need to to recompile their applications against the patched libraries to be protected from this vulnerability.",
      "id": "GSD-2020-15224",
      "modified": "2023-12-13T01:21:43.860333Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security-advisories@github.com",
        "ID": "CVE-2020-15224",
        "STATE": "PUBLIC",
        "TITLE": "Socket syscalls can leak enclave memory contents in Open Enclave"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "openenclave",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "\u003c 0.12.0"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "openenclave"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "In Open Enclave before version 0.12.0, an information disclosure vulnerability exists when an enclave application using the syscalls provided by the sockets.edl is loaded by a malicious host application. An attacker who successfully exploited the vulnerability could read privileged data from the enclave heap across trust boundaries. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an attacker to elevate user rights directly, but it could be used to obtain information otherwise considered confidential in an enclave, which could be used in further compromises. The issue has been addressed in version 0.12.0 and the current master branch. Users will need to to recompile their applications against the patched libraries to be protected from this vulnerability."
          }
        ]
      },
      "impact": {
        "cvss": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
          "version": "3.1"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-552 Files or Directories Accessible to External Parties"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://github.com/openenclave/openenclave/security/advisories/GHSA-525h-wxcc-f66m",
            "refsource": "CONFIRM",
            "url": "https://github.com/openenclave/openenclave/security/advisories/GHSA-525h-wxcc-f66m"
          },
          {
            "name": "https://github.com/openenclave/openenclave/blob/master/CHANGELOG.md#v0120",
            "refsource": "MISC",
            "url": "https://github.com/openenclave/openenclave/blob/master/CHANGELOG.md#v0120"
          },
          {
            "name": "https://github.com/openenclave/openenclave/commit/bcac8e7acb514429fee9e0b5d0c7a0308fd4d76b",
            "refsource": "MISC",
            "url": "https://github.com/openenclave/openenclave/commit/bcac8e7acb514429fee9e0b5d0c7a0308fd4d76b"
          }
        ]
      },
      "source": {
        "advisory": "GHSA-525h-wxcc-f66m",
        "discovery": "UNKNOWN"
      }
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "(,0.12.0)",
          "affected_versions": "All versions before 0.12.0",
          "cvss_v2": "AV:A/AC:L/Au:S/C:P/I:N/A:N",
          "cvss_v3": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
          "cwe_ids": [
            "CWE-1035",
            "CWE-937"
          ],
          "date": "2021-11-18",
          "description": "This vulnerability would not allow an attacker to elevate user rights directly, but it could be used to obtain information otherwise considered confidential in an enclave, which could be used in further compromises. The issue has been addressed and the current master branch. Users will need to to recompile their applications against the patched libraries to be protected from this vulnerability.",
          "fixed_versions": [],
          "identifier": "CVE-2020-15224",
          "identifiers": [
            "CVE-2020-15224",
            "GHSA-525h-wxcc-f66m"
          ],
          "not_impacted": "",
          "package_slug": "nuget/open-enclave",
          "pubdate": "2020-10-14",
          "solution": "Unfortunately, there is no solution available yet.",
          "title": "Files or Directories Accessible to External Parties",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2020-15224"
          ],
          "uuid": "b1041b29-d6bd-4af6-9157-9652c0ac7107"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openenclave:openenclave:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "0.12.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2020-15224"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "In Open Enclave before version 0.12.0, an information disclosure vulnerability exists when an enclave application using the syscalls provided by the sockets.edl is loaded by a malicious host application. An attacker who successfully exploited the vulnerability could read privileged data from the enclave heap across trust boundaries. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an attacker to elevate user rights directly, but it could be used to obtain information otherwise considered confidential in an enclave, which could be used in further compromises. The issue has been addressed in version 0.12.0 and the current master branch. Users will need to to recompile their applications against the patched libraries to be protected from this vulnerability."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/openenclave/openenclave/commit/bcac8e7acb514429fee9e0b5d0c7a0308fd4d76b",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://github.com/openenclave/openenclave/commit/bcac8e7acb514429fee9e0b5d0c7a0308fd4d76b"
            },
            {
              "name": "https://github.com/openenclave/openenclave/security/advisories/GHSA-525h-wxcc-f66m",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://github.com/openenclave/openenclave/security/advisories/GHSA-525h-wxcc-f66m"
            },
            {
              "name": "https://github.com/openenclave/openenclave/blob/master/CHANGELOG.md#v0120",
              "refsource": "MISC",
              "tags": [
                "Release Notes",
                "Third Party Advisory"
              ],
              "url": "https://github.com/openenclave/openenclave/blob/master/CHANGELOG.md#v0120"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "NONE",
            "baseScore": 2.7,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:A/AC:L/Au:S/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 5.1,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "LOW",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 2.3,
          "impactScore": 4.0
        }
      },
      "lastModifiedDate": "2021-11-18T17:00Z",
      "publishedDate": "2020-10-14T19:15Z"
    }
  }
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2020-15224 (GCVE-0-2020-15224)

CNVD-2020-64264

FKIE_CVE-2020-15224

GSD-2020-15224

Tags

Sightings

Nomenclature