GSD-2019-17636

Vulnerability from gsd - Updated: 2023-12-13 01:23
Details
In Eclipse Theia versions 0.3.9 through 0.15.0, one of the default pre-packaged Theia extensions is "Mini-Browser", published as "@theia/mini-browser" on npmjs.com. This extension, for its own needs, exposes a HTTP endpoint that allows to read the content of files on the host's filesystem, given their path, without restrictions on the requester's origin. This design is vulnerable to being exploited remotely through a DNS rebinding attack or a drive-by download of a carefully crafted exploit.
Aliases
Aliases
CVE-2019-17636
To clipboard 

{
  "GSD": {
    "alias": "CVE-2019-17636",
    "description": "In Eclipse Theia versions 0.3.9 through 0.15.0, one of the default pre-packaged Theia extensions is \"Mini-Browser\", published as \"@theia/mini-browser\" on npmjs.com. This extension, for its own needs, exposes a HTTP endpoint that allows to read the content of files on the host\u0027s filesystem, given their path, without restrictions on the requester\u0027s origin. This design is vulnerable to being exploited remotely through a DNS rebinding attack or a drive-by download of a carefully crafted exploit.",
    "id": "GSD-2019-17636"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2019-17636"
      ],
      "details": "In Eclipse Theia versions 0.3.9 through 0.15.0, one of the default pre-packaged Theia extensions is \"Mini-Browser\", published as \"@theia/mini-browser\" on npmjs.com. This extension, for its own needs, exposes a HTTP endpoint that allows to read the content of files on the host\u0027s filesystem, given their path, without restrictions on the requester\u0027s origin. This design is vulnerable to being exploited remotely through a DNS rebinding attack or a drive-by download of a carefully crafted exploit.",
      "id": "GSD-2019-17636",
      "modified": "2023-12-13T01:23:44.600997Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security@eclipse.org",
        "ID": "CVE-2019-17636",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Eclipse Theia",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "0.3.9 to 0.15.0"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "The Eclipse Foundation"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "In Eclipse Theia versions 0.3.9 through 0.15.0, one of the default pre-packaged Theia extensions is \"Mini-Browser\", published as \"@theia/mini-browser\" on npmjs.com. This extension, for its own needs, exposes a HTTP endpoint that allows to read the content of files on the host\u0027s filesystem, given their path, without restrictions on the requester\u0027s origin. This design is vulnerable to being exploited remotely through a DNS rebinding attack or a drive-by download of a carefully crafted exploit."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE: CWE-345: Insufficient Verification of Data Authenticity"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=551747",
            "refsource": "CONFIRM",
            "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=551747"
          }
        ]
      }
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "\u003e=0.3.9 \u003c0.16.0",
          "affected_versions": "All versions starting from 0.3.9 before 0.16.0",
          "cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
          "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
          "cwe_ids": [
            "CWE-1035",
            "CWE-345",
            "CWE-937"
          ],
          "date": "2021-04-13",
          "description": "In Eclipse Theia versions 0.3.9 through 0.15.0, one of the default pre-packaged Theia extensions is \"Mini-Browser\", published as \"@theia/mini-browser\" on npmjs.com. This extension, for its own needs, exposes a HTTP endpoint that allows to read the content of files on the host\u0027s filesystem, given their path, without restrictions on the requester\u0027s origin. This design is vulnerable to being exploited remotely through a DNS rebinding attack or a drive-by download of a carefully crafted exploit.",
          "fixed_versions": [
            "0.16.0"
          ],
          "identifier": "CVE-2019-17636",
          "identifiers": [
            "GHSA-f7vx-j8mp-3h2x",
            "CVE-2019-17636"
          ],
          "not_impacted": "All versions before 0.3.9, all versions starting from 0.16.0",
          "package_slug": "npm/@theia/mini-browser",
          "pubdate": "2021-04-13",
          "solution": "Upgrade to version 0.16.0 or above.",
          "title": "Insufficient Verification of Data Authenticity",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2019-17636",
            "https://github.com/eclipse-theia/theia/pull/7205",
            "https://github.com/eclipse-theia/theia/commit/b212d07f915df1509180944ee3132714bc2636bf",
            "https://bugs.eclipse.org/bugs/show_bug.cgi?id=551747",
            "https://github.com/advisories/GHSA-f7vx-j8mp-3h2x"
          ],
          "uuid": "b4896097-0455-43ff-aeb3-9f00f1ec760c"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:eclipse:theia:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "0.15.0",
                "versionStartIncluding": "0.3.9",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security@eclipse.org",
          "ID": "CVE-2019-17636"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "In Eclipse Theia versions 0.3.9 through 0.15.0, one of the default pre-packaged Theia extensions is \"Mini-Browser\", published as \"@theia/mini-browser\" on npmjs.com. This extension, for its own needs, exposes a HTTP endpoint that allows to read the content of files on the host\u0027s filesystem, given their path, without restrictions on the requester\u0027s origin. This design is vulnerable to being exploited remotely through a DNS rebinding attack or a drive-by download of a carefully crafted exploit."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-345"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=551747",
              "refsource": "CONFIRM",
              "tags": [
                "Exploit",
                "Issue Tracking",
                "Vendor Advisory"
              ],
              "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=551747"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 4.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 5.2
        }
      },
      "lastModifiedDate": "2020-03-11T17:58Z",
      "publishedDate": "2020-03-10T15:15Z"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.