gsd-2020-5256
Vulnerability from gsd
Modified
2023-12-13 01:22
Details
BookStack before version 0.25.5 has a vulnerability where a user could upload PHP files through image upload functions, which would allow them to execute code on the host system remotely. They would then have the permissions of the PHP process. This most impacts scenarios where non-trusted users are given permission to upload images in any area of the application. The issue was addressed in a series of patches in versions 0.25.3, 0.25.4 and 0.25.5. Users should upgrade to at least v0.25.5 to avoid this vulnerability.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2020-5256",
"description": "BookStack before version 0.25.5 has a vulnerability where a user could upload PHP files through image upload functions, which would allow them to execute code on the host system remotely. They would then have the permissions of the PHP process. This most impacts scenarios where non-trusted users are given permission to upload images in any area of the application. The issue was addressed in a series of patches in versions 0.25.3, 0.25.4 and 0.25.5. Users should upgrade to at least v0.25.5 to avoid this vulnerability.",
"id": "GSD-2020-5256"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2020-5256"
],
"details": "BookStack before version 0.25.5 has a vulnerability where a user could upload PHP files through image upload functions, which would allow them to execute code on the host system remotely. They would then have the permissions of the PHP process. This most impacts scenarios where non-trusted users are given permission to upload images in any area of the application. The issue was addressed in a series of patches in versions 0.25.3, 0.25.4 and 0.25.5. Users should upgrade to at least v0.25.5 to avoid this vulnerability.",
"id": "GSD-2020-5256",
"modified": "2023-12-13T01:22:03.677192Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2020-5256",
"STATE": "PUBLIC",
"TITLE": "Remote Code Execution Through Image Uploads in BookStack"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BookStack",
"version": {
"version_data": [
{
"version_value": "\u003c 0.25.5"
}
]
}
}
]
},
"vendor_name": "BookStackApp"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "BookStack before version 0.25.5 has a vulnerability where a user could upload PHP files through image upload functions, which would allow them to execute code on the host system remotely. They would then have the permissions of the PHP process. This most impacts scenarios where non-trusted users are given permission to upload images in any area of the application. The issue was addressed in a series of patches in versions 0.25.3, 0.25.4 and 0.25.5. Users should upgrade to at least v0.25.5 to avoid this vulnerability."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.9,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code (\u0027Eval Injection\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/BookStackApp/BookStack/security/advisories/GHSA-g9rq-x4fj-f5hx",
"refsource": "CONFIRM",
"url": "https://github.com/BookStackApp/BookStack/security/advisories/GHSA-g9rq-x4fj-f5hx"
},
{
"name": "https://github.com/BookStackApp/BookStack/releases/tag/v0.25.3",
"refsource": "MISC",
"url": "https://github.com/BookStackApp/BookStack/releases/tag/v0.25.3"
},
{
"name": "https://github.com/BookStackApp/BookStack/releases/tag/v0.25.4",
"refsource": "MISC",
"url": "https://github.com/BookStackApp/BookStack/releases/tag/v0.25.4"
},
{
"name": "https://github.com/BookStackApp/BookStack/releases/tag/v0.25.5",
"refsource": "MISC",
"url": "https://github.com/BookStackApp/BookStack/releases/tag/v0.25.5"
}
]
},
"source": {
"advisory": "GHSA-g9rq-x4fj-f5hx",
"discovery": "UNKNOWN"
}
},
"gitlab.com": {
"advisories": [
{
"affected_range": "\u003c0.25.3",
"affected_versions": "All versions before 0.25.3",
"cvss_v2": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"cwe_ids": [
"CWE-1035",
"CWE-434",
"CWE-78",
"CWE-937"
],
"date": "2021-01-08",
"description": "BookStack before version 0.25.5 has a vulnerability where a user could upload PHP files through image upload functions, which would allow them to execute code on the host system remotely. They would then have the permissions of the PHP process. This most impacts scenarios where non-trusted users are given permission to upload images in any area of the application. The issue was addressed in a series of patches in versions 0.25.3, 0.25.4 and 0.25.5. Users should upgrade to at least v0.25.5 to avoid this vulnerability.",
"fixed_versions": [
"0.25.5"
],
"identifier": "CVE-2020-5256",
"identifiers": [
"GHSA-g9rq-x4fj-f5hx",
"CVE-2020-5256"
],
"not_impacted": "All versions starting from 0.25.3",
"package_slug": "packagist/ssddanbrown/bookstack",
"pubdate": "2020-03-13",
"solution": "Upgrade to version 0.25.5 or above.",
"title": "Unrestricted Upload of File with Dangerous Type",
"urls": [
"https://github.com/BookStackApp/BookStack/security/advisories/GHSA-g9rq-x4fj-f5hx",
"https://nvd.nist.gov/vuln/detail/CVE-2020-5256",
"https://github.com/BookStackApp/BookStack/releases/tag/v0.25.3",
"https://github.com/BookStackApp/BookStack/releases/tag/v0.25.4",
"https://github.com/BookStackApp/BookStack/releases/tag/v0.25.5",
"https://github.com/advisories/GHSA-g9rq-x4fj-f5hx"
],
"uuid": "d009c4c4-4f0c-4747-a226-54b92c8fde2e"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:bookstackapp:bookstack:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "0.25.3",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2020-5256"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "BookStack before version 0.25.5 has a vulnerability where a user could upload PHP files through image upload functions, which would allow them to execute code on the host system remotely. They would then have the permissions of the PHP process. This most impacts scenarios where non-trusted users are given permission to upload images in any area of the application. The issue was addressed in a series of patches in versions 0.25.3, 0.25.4 and 0.25.5. Users should upgrade to at least v0.25.5 to avoid this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/BookStackApp/BookStack/security/advisories/GHSA-g9rq-x4fj-f5hx",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/BookStackApp/BookStack/security/advisories/GHSA-g9rq-x4fj-f5hx"
},
{
"name": "https://github.com/BookStackApp/BookStack/releases/tag/v0.25.3",
"refsource": "MISC",
"tags": [
"Release Notes"
],
"url": "https://github.com/BookStackApp/BookStack/releases/tag/v0.25.3"
},
{
"name": "https://github.com/BookStackApp/BookStack/releases/tag/v0.25.5",
"refsource": "MISC",
"tags": [
"Release Notes"
],
"url": "https://github.com/BookStackApp/BookStack/releases/tag/v0.25.5"
},
{
"name": "https://github.com/BookStackApp/BookStack/releases/tag/v0.25.4",
"refsource": "MISC",
"tags": [
"Release Notes"
],
"url": "https://github.com/BookStackApp/BookStack/releases/tag/v0.25.4"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
},
"lastModifiedDate": "2020-03-10T13:34Z",
"publishedDate": "2020-03-09T16:15Z"
}
}
}
Loading...
Loading...
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.