GSD-2017-0889

Vulnerability from gsd - Updated: 2018-01-23 00:00
Details
Paperclip gem provides multiple ways a file can be uploaded to a web server. The vulnerability affects two of Paperclip’s IO adapters that accept URLs as attachment data (UriAdapter and HttpUrlProxyAdapter). When these adapters are used, Paperclip acts as a proxy and downloads the file from the URI that is passed in. By default, the library does not perform any validation of that URI to protect against Server-Side Request Forgery (SSRF). This may allow a remote attacker to access information about internal network resources.
Aliases

{
  "GSD": {
    "alias": "CVE-2017-0889",
    "description": "Paperclip ruby gem version 3.1.4 and later suffers from a Server-SIde Request Forgery (SSRF) vulnerability in the Paperclip::UriAdapter class. Attackers may be able to access information about internal network resources.",
    "id": "GSD-2017-0889",
    "references": [
      "https://www.suse.com/security/cve/CVE-2017-0889.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "affected": [
        {
          "package": {
            "ecosystem": "RubyGems",
            "name": "paperclip",
            "purl": "pkg:gem/paperclip"
          }
        }
      ],
      "aliases": [
        "CVE-2017-0889",
        "GHSA-5jcf-c5rg-rmm8"
      ],
      "details": "Paperclip gem provides multiple ways a file can be uploaded to a web server.\nThe vulnerability affects two of Paperclip\u2019s IO adapters that accept URLs as\nattachment data (UriAdapter and HttpUrlProxyAdapter). When these adapters are\nused, Paperclip acts as a proxy and downloads the file from the website URI\nthat is passed in. The library does not perform any validation to protect\nagainst Server Side Request Forgery (SSRF) exploits by default. This may allow\na remote attacker to access information about internal network resources.\n",
      "id": "GSD-2017-0889",
      "modified": "2018-01-23T00:00:00.000Z",
      "published": "2018-01-23T00:00:00.000Z",
      "references": [
        {
          "type": "WEB",
          "url": "https://github.com/thoughtbot/paperclip/pull/2435"
        },
        {
          "type": "WEB",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-0889"
        },
        {
          "type": "WEB",
          "url": "https://github.com/thoughtbot/paperclip/commit/4ebedfbd11d20d03ed03a1274ed281eee62715d4"
        }
      ],
      "schema_version": "1.4.0",
      "severity": [
        {
          "score": 7.5,
          "type": "CVSS_V2"
        },
        {
          "score": 9.8,
          "type": "CVSS_V3"
        }
      ],
      "summary": "Paperclip ruby gem suffers from a Server-Side Request Forgery (SSRF) vulnerability\nin the Paperclip::UriAdapter and Paperclip::HttpUrlProxyAdapter class.\n"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "support@hackerone.com",
        "DATE_PUBLIC": "2017-04-21T00:00:00",
        "ID": "CVE-2017-0889",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "paperclip ruby gem",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "All versions since 3.1.4"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "thoughtbot"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Paperclip ruby gem version 3.1.4 and later suffers from a Server-SIde Request Forgery (SSRF) vulnerability in the Paperclip::UriAdapter class. Attackers may be able to access information about internal network resources."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Server-Side Request Forgery (SSRF) (CWE-918)"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://hackerone.com/reports/209430",
            "refsource": "MISC",
            "url": "https://hackerone.com/reports/209430"
          },
          {
            "name": "https://github.com/thoughtbot/paperclip/pull/2435",
            "refsource": "CONFIRM",
            "url": "https://github.com/thoughtbot/paperclip/pull/2435"
          },
          {
            "name": "https://hackerone.com/reports/713",
            "refsource": "MISC",
            "url": "https://hackerone.com/reports/713"
          }
        ]
      }
    },
    "github.com/rubysec/ruby-advisory-db": {
      "cve": "2017-0889",
      "cvss_v2": 7.5,
      "cvss_v3": 9.8,
      "date": "2018-01-23",
      "description": "Paperclip gem provides multiple ways a file can be uploaded to a web server.\nThe vulnerability affects two of Paperclip\u2019s IO adapters that accept URLs as\nattachment data (UriAdapter and HttpUrlProxyAdapter). When these adapters are\nused, Paperclip acts as a proxy and downloads the file from the website URI\nthat is passed in. The library does not perform any validation to protect\nagainst Server Side Request Forgery (SSRF) exploits by default. This may allow\na remote attacker to access information about internal network resources.\n",
      "gem": "paperclip",
      "ghsa": "5jcf-c5rg-rmm8",
      "patched_versions": [
        "\u003e= 5.2.0"
      ],
      "related": {
        "url": [
          "https://nvd.nist.gov/vuln/detail/CVE-2017-0889",
          "https://github.com/thoughtbot/paperclip/commit/4ebedfbd11d20d03ed03a1274ed281eee62715d4"
        ]
      },
      "title": "Paperclip ruby gem suffers from a Server-Side Request Forgery (SSRF) vulnerability\nin the Paperclip::UriAdapter and Paperclip::HttpUrlProxyAdapter class.\n",
      "url": "https://github.com/thoughtbot/paperclip/pull/2435"
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "\u003e=3.1.4 \u003c5.2.0",
          "affected_versions": "All versions starting from 3.1.4 before 5.2.0",
          "credit": "Luka (sikic)",
          "cvss_v2": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "cvss_v3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "cwe_ids": [
            "CWE-1035",
            "CWE-918",
            "CWE-937"
          ],
          "date": "2019-10-09",
          "description": "Paperclip suffers from a Server-SIde Request Forgery (SSRF) vulnerability in the `Paperclip::UriAdapter` class. Attackers may be able to access information about internal network resources.",
          "fixed_versions": [
            "5.2.0"
          ],
          "identifier": "CVE-2017-0889",
          "identifiers": [
            "CVE-2017-0889"
          ],
          "not_impacted": "All versions before 3.1.4, all versions starting from 5.2.0",
          "package_slug": "gem/paperclip",
          "pubdate": "2017-11-13",
          "solution": "Upgrade to version 5.2.0 or above.",
          "title": "Server-SIde Request Forgery (SSRF) vulnerability",
          "urls": [
            "https://github.com/thoughtbot/paperclip/pull/2435"
          ],
          "uuid": "98875277-b523-49e0-adeb-62ad94c12edf"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:thoughtbot:paperclip:*:*:*:*:*:ruby:*:*",
                "cpe_name": [],
                "versionEndExcluding": "5.2.0",
                "versionStartIncluding": "3.1.4",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve-assignments@hackerone.com",
          "ID": "CVE-2017-0889"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Paperclip ruby gem version 3.1.4 and later suffers from a Server-SIde Request Forgery (SSRF) vulnerability in the Paperclip::UriAdapter class. Attackers may be able to access information about internal network resources."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-918"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://hackerone.com/reports/713",
              "refsource": "MISC",
              "tags": [
                "Issue Tracking",
                "Third Party Advisory"
              ],
              "url": "https://hackerone.com/reports/713"
            },
            {
              "name": "https://hackerone.com/reports/209430",
              "refsource": "MISC",
              "tags": [
                "Permissions Required"
              ],
              "url": "https://hackerone.com/reports/209430"
            },
            {
              "name": "https://github.com/thoughtbot/paperclip/pull/2435",
              "refsource": "CONFIRM",
              "tags": [
                "Issue Tracking",
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://github.com/thoughtbot/paperclip/pull/2435"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2019-10-09T23:21Z",
      "publishedDate": "2017-11-13T17:29Z"
    }
  }
}








